Security Governance & Compliance Manager

You will review systems infrastructure, design and architecture to ensure cybersecurity factors are considered and in compliance within existing government IM8 requirements. In addition, you will support the implementation of cyber and data security measures, and incident response and management for these systems. These systems are software intensive, complex and requires high availability. Depending on the phase of the systems lifecycle, you will be assigned to specify the technical requirements of the systems, evaluate on the proposed solutions, work on relevant approvals, execute the implementation of enhancement or technical refresh as well as maintenance of the systems.

• Manage projects/ systems including cyber-security implementations, as well as the design and engineering information security (e.g. authentication, perimeter security, security compliance tools), technology systems (software & hardware), and security policies / procedures.

• Implement solutions to enhance cyber-security posture (e.g. cyber defenses, mitigation measures) to international standards and requirements.

• Work closely with multiple stakeholders both internal and external (including other government agencies, system suppliers, maintenance operators, operation users, IT consultants/auditors etc) which include coordinate, liaise, support and conduct meetings to facilitate and validate the implementation in accordance with national and international cybersecurity standards and requirements.

• Coordinate, liaise, support and conduct internal as well as external audit needs/issues including technical discussions and internal audits (e.g. scanning exercises, penetration tests).

• Formulate process and procedures relating to cyber security through continuous engagement with the various stakeholders including the regulator, industry players and relevant agencies.

• Keep abreast of the latest industry cybersecurity practices and technologies as well as emerging threats and vulnerabilities, then recommend appropriate controls for implementation to improve the systems security posture.

• Conduct investigations into security breaches to determine the cause of the incidents and work closely with multiple stakeholders both internal and external to resolve the incidents, participate in post-incident reporting and study/implement the proposed enhancement to the systems and infrastructure to close the security gaps.

• Manage relevant security documentation and updating of the overall security programme, including planning, coordinating and conducting relevant training for security and assurance matters to raise and maintain high cyber security awareness in the department.

• Coordinate internal and external audit needs/issues and participate in technical discussions and internal audit (e.g. scanning exercises, penetration tests).

• Trained in Cybersecurity, Information Security, Information Technology, Computer Science, Engineering (Computing/ Electrical/ Electronics/ Telecommunication) or equivalent

• Professional certification such as Certified Information Security Auditors (CISA) and/or Certified Information Systems Security Professional (CISSP) would be advantageous.

\

• An active professional certification in Cybersecurity or Information Security from ISACA, (ISC)2 or equivalent will be an advantage

• At least 3-5 years of relevant experience in system project implementation and cybersecurity compliance and/or cybersecurity work experiences in ICT infrastructure or network implementation

• Possess good experience in managing cybersecurity projects, preferably having gone through at least one project implementation life cycle

• Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment/penetration testing, compliance, business continuity, investigations, system architecture and design, legal, and industry IT and cyber security best-practices.

• Able to show understanding of the relationship between cybersecurity and the broader business goals and objectives

• Self-motivated and independent, a good team player with well-rounded skillset, and can-do attitude

• Excellent verbal, written communication and interpersonal skills

• Strong analytical, presentation and negotiation skill

We appreciate your application and regret only shortlisted candidates will be notified.

By submitting your resume, you consent to the handling of your personal data in accordance with Certis Group Privacy Policy (www.certisgroup.com/privacy-policy).