Cybersecurity Team Lead

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Description:

For this project, we are forming a team of 6 (including 1 team lead) to perform the following scope of works:

(i) Security Risk Assessment

(ii) Security Policies, Standards, Guidelines, And Procedures Review

(iii) Security Design

(iv) Application Security

(v) Vulnerability assessment and

(vi) System Security Acceptance Testing

We are seeking a highly skilled and experienced Team Lead to join our dynamic team. The ideal candidate will possess deep technical knowledge, strong leadership skills, and a proven track record
in managing cybersecurity projects.

Responsibilities:

• Lead and oversee the execution of comprehensive security risk assessments across a wide range of environments, including on-premise, cloud (AWS, Azure), DevOps, IoT, and thirdparty ecosystems
• Drive and review complex vulnerability assessments, ensuring thorough analysis of findings, prioritization of risks, and development of actionable mitigation strategies
• Lead the design and review of enterprise security policies, standards, and procedures, ensuring alignment with organizational goals and compliance with regulatory frameworks
  (e.g., NIST, ISO 27001, CSA, MAS)
• Guide and mentor team members in application security activities including secure code reviews, threat modeling (e.g., STRIDE, PASTA), architecture reviews, and secure SDLC integration
• Provide technical leadership in cloud security architecture reviews, including cloud configuration audits, IAM analysis, encryption practices, and hybrid cloud governance
• Oversee System Security Acceptance Testing (SSAT) activities, define security test strategies, validate controls, and ensure secure integration of systems before go-live
• Manage the development and communication of risk reports and executive summaries, ensuring findings are clearly articulated, business-aligned, and actionable
• Act as the primary point of contact for clients and internal stakeholders, ensuring timely delivery of cybersecurity engagements, maintaining high quality and client satisfaction
• Provide thought leadership across all six cybersecurity domains and stay up to date with emerging threats, tools, and frameworks to continually improve the team's capabilities
• Coach, mentor, and develop junior team members, fostering a collaborative and technically strong team culture

Requirements:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (Master’s degree is a plus)
• Professional certifications such as CISSP, CISM, OSCP, CCSP, CISA, or equivalent are strongly preferred
• Minimum 5–8 years of experience in cybersecurity consulting with demonstrated leadership in risk assessment, application security, cloud security, policy & compliance, security by design, and vulnerability management
• Proven experience working in and securing cloud environments (AWS, Azure, GCP), with a solid understanding of native tools and best practices
• Strong hands-on experience in threat modelling methodologies (e.g., STRIDE, PASTA) and security testing in CI/CD environments
• Deep knowledge of relevant regulatory frameworks and standards (e.g., NIST 800-series, ISO 27001, CIS Controls, MAS TRM)
• Demonstrated project and people leadership experience, with the ability to lead multiple engagements simultaneously
• Strong stakeholder engagement, client management, and executive communication skills
• Ability to think strategically, lead technically, and drive high-impact outcomes in dynamic environments