Principal Analyst

• Provides a critical & essential service to Singapore
• Ranked among The Straits Times Singapores Best Employers
• Friendly working environment & attractive benefits

You will be the lead analyst cum project manager for cybersecurity compliance projects in the company. This is a new role aims to drive and formulate the implementation of the controls required for the following new and added scopes under Cybersecurity Code of Practice (CCoP) 2.0 in ensuring Senokos continual compliance to the regulatory requirements. Your main responsibilities are as below:-

• Perform vulnerability assessment and work collaboratively with service providers to perform penetration testing and purple teaming attack simulation.
• Lead and conduct threat hunting and cybersecurity exercises
• Review cyber risks and propose improvement on security control
• Work with Cybersecurity lead to review policies, standards and procedures

Your Profile:

Be familiarise with the CSA CCoP 2.0 control requirements

Initiate the review process for Senoko policies, standards, guidelines and procedures being impacted by the CCoP revision

Manage the roll out of the revised policies, standards, guidelines and procedures with the affected stakeholder groups

Facilitate requirement gathering and scope up the cybersecurity initiatives

Research and reach out to prospective service providers to understand their service offering

Develop projects plan and strategise the execution of the projects

Follow through Senoko procurement process for the award of the cybersecurity projects to the most suitable service providers

Identify any new controls and any existing controls that need to be revised, with regards to the revised CCoP 2.0

Propose the required controls (new or revised) and obtain buy in from the relevant stakeholder

Design sustainable work processes and measures to ensure the required controls are implementable

Initiate the review process for Senoko Cybersecurity Incident Response Plan

Work with the relevant stakeholders to develop any new or revise the necessary checklists, templates and / or procedures for the response plan

Publish the revised response plan

Perform due diligence in assessing suitable vendors to deliver the planned cybersecurity projects

Manage the expectation and performance of the awarded vendors delivering the projects till completion

Develop vendor contacts and relationships for the next phase of the projects, if any

Develop and maintain projects plan

Maintain the projects schedule and give periodic report on the progress

Manage any identified risks and issues

Manage the required resources for successful projects delivery

Ensure all identified project deliverables are delivered

Review and draft any service contract, within the scope of the planned CCoP cybersecurity initiatives, in accordance to Senoko procurement practices and cybersecurity guidelines, and Singapore laws and regulations

Manage and track the contracts awarded

Report any breach or vendor non-performance against the awarded contract terms

Your Profile:

A degree in computer science, information systems or equivalent

At least 5-7 years working experience in cybersecurity compliance capacity

OT cybersecurity experience will be advantageous

The offered job grade/designation will be based on candidates experience, competencies and skillsets

Essential (Possess at least 2 of the following skills and competencies)

• Experience with Network Infrastructure management
• Experience with SIEM, IDS/IPS, EDR solutions and processes
• Experience in conducting IT vulnerability assessment and penetration testing exercise
• Experience in conducting cybersecurity awareness training
• Experience in facilitating workshops
• Experience in managing projects, vendors and contracts
• Experience in conducting audits or providing cybersecurity consultations

Optional

• Experience with OT cybersecurity is a plus
• Experience with Instrument & Controls Systems is a plus

Certifications:

• CISSP or NIST-related certification is a plus
• Project management certification is a plus
• ITIL certification is a plus

Intellectual curiosity and analytical. This role requires the candidate to explore, learn and master the business domain. The candidate must be motivated and with intellectual curiosity to discover and map out the way our business operates.

Technical detail oriented: Candidate must have keen attention to detail this is a highly technical role, and candidates must be able to work with technical details.

Ability to work towards in time-definite outcomes: Candidate must be able to work in time-critical operations environment this role functions within production operations. There are routines and scheduled events that the candidate must work within.

Ability to take ownership: This is a subject matter expert and systems ownership role the candidate must be highly self-motivated, and take responsibility for the systems under his/her charge

Ability to work independently and collaboratively with team members, internal and external stakeholders.