Agency Chief Information Security Officer (Singaporean Only)*

Responsibilities

• Produce cyber security strategies and work plan, policies, standards and guidelines
• Support digitalisation planning and aligning with ICT security strategy goals and policy baselines.
• Perform regular Gap analysis.
• Oversee ICT security matters (approving and tracking ICT security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions).
• Regular reviews of all ICT systems across different operating environments, the systems’ security design, implementation and operations.
• Conduct Cybersecurity risk assessment and acceptance processes at the management level.
• Review, consult and endorse risk management and mitigation plans from project teams.
• Advise on cyber security solutions and technologies to be deployed suitable to business operations and aligned with WOG-wide advisories and practices.
• Ensure compliance to the defined security policies, standards and guidelines.
• Create and execute end user security awareness programmes
• Establish defined processes for Threat and Incident Management.
• Ownership of security incident response workshops and exercises (table-top exercises, simulation and drills)
• Lead investigation and management of ICT security incidents.

Requirement

• Degree in Computer Science, Information Systems, Engineering or a related Technology based education.
• Minimum 5 years of information security management experience
• Skilled in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.
• Able to identify on-premises and cloud-specific cybersecurity risks and threats as well as potential violations in on-premises or cloud environments
• Able to collaborate with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.
• Demonstrate skills to thoroughly assess cybersecurity risks/threats impact
• Solid grasp of ICT operations, security policies, business processes and the relationship between them.
• Knowledge or experience in Infrastructure as Code (IaC) tools such as Terraform and Ansible, including their application in maintaining and automating secure on-premises and cloud environments.
• Strong understanding of insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.
• Strong understanding of compliance requirements
• Good interpersonal and partner/ executive leadership skills.
• CISSP/ CISM/ CISA certifications are advantageous.