Information Technology - Cyber Security Specialist (Risk and Governance)

You will be a member of the Group Information Security Team responsible for ensuring corporate applications, systems, networks, and digital assets are adequately protected and mitigated against cyber threats and risks. You will help drive cybersecurity and risk management efforts and user awareness and education within the Singapore Airlines Group.

• Provide cyber governance and risk management oversight.
• Manage the security policy framework and relevant standards.
• Oversee applicable security, regulatory, privacy, contractual cyber requirements.
• Manage cyber risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards.
• Conduct risk assessments, document results, and propose and track remediation tasks.
• Develop compliance program top routinely assess existing infrastructure, systems, and applications for compliance and vulnerabilities and propose relevant mitigating controls.
• Conduct vulnerability assessments and track remediation status of identified vulnerabilities.
• Identify and assess cyber risks and recommend and drive cyber security solution and initiatives to improve cyber security posture.
• Define controls to meet regulatory, legislative, and industry specific compliance requirements.
• Manage third party cyber risk assessment standards.
• Prepare IT security related KPI reports and management reports for compliance monitoring and reporting.
• Drive the implementation of GRC tool.
• Maintain user cyber awareness and provide security advisory on emerging security threats and vulnerabilities.
• Develop, review and continuously improve IT security training material and conduct user training to improve user awareness and incident response readiness.
• This role may be seconded to any of SIA’s subsidiary group

• Degree in IT or related fields, with 4-5 years relevant information security working experience, especially in the application security space.
• Professional security certifications (CISSP, CISA, CEH etc) preferred.
• Experience with Governance, Risk and Compliance (GRC) activities.
• Familiar with PCI, PDPA, GDPR requirements
• Experience in security technologies, practices, application/network/systems architecture and design, tests tools and processes.
• Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc
• Strong oral, written, presentation and inter-personal skills.
• Possess positive attitude with drive, initiative, enthusiasm and a keen sense of urgency in resolving high-priority issues.
• Able to work independently and in a team-oriented, collaborative environment.