The candidate will assist the Team Lead to build and set up the security framework, policies and standards, create awareness and outreach, and manage technology risk. This role will be actively involved in driving adoption of proactive technology risk management through a structured approach of risk identification, assessment and mitigation based on the organization’s risk tolerance. He / She will assist in the development and implementation of a company-wide cybersecurity framework and policies, and ensure appropriate control objectives for system confidentiality, integrity and availability within the context of the company’s risk tolerance. He / She will work with various stakeholders to educate and promote the adoption of the cybersecurity framework and policies, including their rationale and their application to managing the evolving threat landscape; execute cybersecurity outreach programs and raise awareness of cybersecurity trends, threats and best practices across the organization; and provide security consultancy and review of solutions to the business units and IT peers, especially in the context of threat modelling, risk analysis and management.
• Conduct reviews of existing security policies, procedures, standards and exceptions
• Assist in the development of policies for conducting cyber security risk assessments and compliance audits
• Perform cyber risk assessment activities based on risk assessment plans
• Assess third party security controls and internal security systems
• Conduct research on emerging cyber security and risk management trends, issues, and alerts
• Prepare reports for cyber risk assessment reporting
• Determine the cause of security violations
• Recommend corrective actions or appropriate controls to mitigate technical risks
• Develop and maintain relationships with business partner organizations to understand their business requirements and advise on security solutions
• Assist enterprise vulnerability management maturity, including defining and tracking KPI metrics with IT peers
• Assist the execution of the vulnerability disclosure program, including the bounty hunter program
• Plan and conduct organisational cyber security exercises
• Assist the Red Team program
Bachelor's degree in Computer Science or related field with at least 5-8 years’ experience as a security practitioner
Great to have:
• Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and/or Certified Information Security Manager (CISM) or equivalent
• Knowledge of compliance frameworks and regulatory requirements (NIST, ISO 27001, Cybersecurity Act, Personal Data Protection Act, Payment Card Industry Data Security Standard, IMDA Code of Practice for Broadcasting & Telecommunications, etc.)
• Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security
• Ability to quickly articulate creative and alternative methods for solving security-specific business problems
• Hands-on collaborative style and proactive approach to working with others
• Able to handle multiple projects at the same time
• Demonstrated commitment to deadlines
• Proven ability to communicate security compliance to executive business leaders
• Ability to influence others where there is no direct authority
*We regret that only shortlisted candidates will be notified.
StarHub, listed on the SGX-ST, is Singapore's second largest info-communications company. Since our inception, we have grown into a full-fledged organisation offering a complete range of solutions over fixed, cable, mobile and internet platforms.