Agency Chief Information Security Officer (ACISO)

GovTechAxes the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better while you master your craft through robust learning and development opportunities all year round. Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

GovTech supports various Government Agencies in carrying out ICT delivery services and appoints Agency Chief Information Security Officers (ACISO) to oversee information security management within these agencies. The ACISO is a leadership role that requires technical proficiency demonstrated in multiple cybersecurity domains. The role demands knowledge and practical experience in most of the domains below:

• Cyber առաջGovernance frameworks
• Architecture design and threat risk assessment
• Security Testing

The ACISO must possess technical understanding of both on‑premises infrastructure security and cloud security architectures across major platforms (e.g., AWS, Azure, and GCP), including their native security features, identity management systems, and security control implementations.

Emplaced in public agencies and reporting to the agency’s Chief Information Officer (CIO) and Ministry Family CISO, you will collaborate with various stakeholders (GovTech HQ teams, Agency management, Agency project teams, and outsourced vendors) and will be responsible to:

• Lead the agency-level cybersecurity function in supporting agency digital transformation initiatives while ensuring the digital resilience of agency systems.
• Formulate and implement agency cybersecurity strategies, policies and work plans, ensuring continuous alignment with Ministry Family’s business strategic goals.
• Review and enhance risk management through threat‑based risk assessments, risk mitigations, risk monitoring and reporting.
• Provide consultation and endorse risk management and mitigation plans from agency’s project teams.
• Govern and enhance the agency’s security posture by maintaining visibility and oversight of ICT assets, security architectures, and cybersecurity operations code of practices.
• Develop and maintain incident response plan and playbooks. This involves planning, designing and conducting security incident response workshops and exercises (table‑top exercises, simulation and drills) as well as leading the investigation and management of ICT security incidents.
• Provide advisory and recommendations on appropriate cybersecurity technologies to be deployed that meet agency’s business requirements and are aligned with WOG‑wide advisories and practices.
• Ensure secure‑by‑design ICT product development, and that security controls implementations comply with the defined security policies, standards and guidelines.
• Develop and maintain effective cybersecurity awareness and training programmes.

• Degree in Computer Science, Information Systems, Engineering or related Technology field
• At least 8‑10 years of management experience related to information security and solidasters in ICT operations, security policies, business processes and the relationship between them.
• Ability to work with multi‑functional, multi‑disciplined teams to formulate, institute real‑time awareness of security posture and a baseline among end users.
• Good interpersonal and partner/executive leadership skills.
• Demonstrate knowledge and experiencearker in security by design implementations, review of system=edge architecture, devSecOps practices, Infrastructure as Code (IaC) tools and securing CI/CD pipelines.
• Demonstrate understanding of cloud service models (IaaS, PaaS, SaaS), coupled with a strong understanding of core cloud services and modern cloud‑native architectures (serverless, containers, microservices).
• Identify on‑premises and cloud‑specific cybersecurity risks and threats, demonstrating skills to thoroughly assess their impact and likelihood. This assessment encompasses, but is not limited to, secure configurations, insider threats, vendor risks, data leakage, malware including ransomware, account hijacking, and compliance risks.
• Evaluate the effectiveness of existing controls and recommend appropriate mitigation strategies for on‑premises and cloud‑related cybersecurity and data security issues.
• Display understanding of emerging threats and technologies, and the ability to translate risk into business impact.
• Strong understanding of compliance requirements and the ability to identify potential violations in on‑premises or cloud environments.
• Ability to communicate cyber security topics effectively to senior stakeholders.
• Minimally possess CISSP certification, preferably with other related certifications, e.g. CISM, CCSP, GCIH that demonstrates continuous learning and knowledge of industry best practices.
• We believe in being Agile, Bold and Collaborative, and are looking for people who identify with these values.
• Singaporeans only.

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation.

Our employee benefits are based on a total rewards approach, offering a holistic and market‑competitive suite of perks.

We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.