Manager, Cybersecurity Assurance
Job Description
The candidate will assist the Team Lead to build and set up security framework and policies and standards, create awareness and outreach and manage technology risk. This role will be actively involved to drive adoption of proactive technology risk management through a structured approach of risk identification, assessment and mitigation based on the organization risk tolerance. He / She will assist in the development and implementation of a company-wide cybersecurity framework and policies, and ensures appropriate control objectives for system confidentiality, integrity and availability within the context of the company’s risk tolerance. He / She will work with various stakeholders to educate and promote the adoption of cybersecurity framework and policies, the rationale of such framework and policies including its applications to manage the evolving threat landscape, execute cybersecurity outreach programs and raise awareness on cybersecurity trends, threats and best practices across the organization, provide security consultancy and review of solutions to the business units and IT peers especially in the context of threat modelling, risk analysis & management
- Manage the strategic development and improvement of risk frameworks, methodologies and requirements
- Anticipate internal and external business challenges and legal or regulatory issues
- Provide strategic risk guidance to stakeholders in the implementation and execution of cyber risk strategies across the organisation
- Formulate governance procedures for documenting and updating security policy, standards, guidelines and procedures
- Develop the organisation’s Cyber Risk Maturity model
- Provide strategic and technical recommendations following identification of vulnerabilities in operating systems
- Incorporate emerging security and risk management trends, issues, and alerts into risk assessment framework
- Oversee the development of documentation on methodologies and tools to mitigate cyber risks
- Oversee the planning and conduct of organisational cyber security exercises
- Manage responses to regulatory inquiries, inspections or audits
- Develop strategies for resource planning and utilisation
- Establish performance indicators to benchmark effectiveness of learning and development programmes against best practices
- Implement succession planning initiatives for key management positions
- Lead and Drive vulnerability disclosure program including bounty hunter program
- Lead and Drive Red Team program
Job Requirement
Bachelor's degree in Computer Science or related field with at least 9-11 years’ experience as a security practitioner
Great to have:
- Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and/or Certified Information Security Manager (CISM) or equivalent
- AWS Certified Solutions Architect Professional is preferred
- Knowledge of compliance frameworks and regulatory requirements (NIST, ISO 27001, Cybersecurity Act, Personal Data Protection Act, Payment Card Industry Data Security Standard, IMDA Code of Practice for Broadcasting & Telecommunications, etc)
- Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security
- Ability to quickly articulate creative & alternative methods for solving security-specific business problems
- Hands-on collaborative style and proactive approach to working with other’s
- Able to handle multiple projects at the same time
- Able to work under pressure, delivering quality works and meeting deadlines
- Proven ability to communicate security compliance to executive business leaders
- Positive working attitude with good interpersonal and communication skills
*We regret that only shortlisted candidates will be notified.
