Responsibilities

• Responsible for the formulation of IT Security Strategy by assessing the evolving threat landscape together with the organizational strategic objective.
• Responsible for analyzing IT security architecture trends and develop recommendations for changes to the global security infrastructure.
• Responsible for implementing and continuously improving an organization wide’s monitoring mechanisms of IT Security related events.
• Responsible for developing and continuously improving an organization wide’s IT Security Incident/Alert Management Framework, covering different geographies.
• Responsible for driving high degrees of security automation within the operational framework.
• Responsible for driving and maintaining oversight of all IT Security related events, incidents and/or investigations.
• Responsible for creating a framework to monitor IT Security Intelligence relevant to the organization.
• Responsible for establishing link up with relevant IT Security incident authorities (e.g. SINGCERT) and supporting bodies (e.g. Forensic vendor).
• Responsible for building an IT Awareness Program with both learning and phishing simulation to enhance the security readiness of the staff across countries with different cultural experience.
• Support in validating the effectiveness of the framework through simulation exercises.
• Support in managing a Security Vulnerability and Penetration Testing Program. Collaborate with cross functional teams to build and mature the DevSecOps program with implementation of “shift left” initiatives.
• Assist in operating an effective Data Leakage Protection Program that provides the maximum protection to critical data with minimum false alert overhead.
• Assist in ensuring the ongoing compliance against relevant IT legislative/regulatory requirements (e.g. PDPA, MAS TRM & PCI).
• Assist in ensuring the ongoing compliance against the organizational IT Security policies, standards and procedures.

Requirements

• 8 to 12 years of relevant IT Security work experiences.
• Possesses security related certifications such as CISSP, CISM or CISA, with strong knowledge of IT legislations such as PDPA, MAS TRM, PCI, SGX and ISO 27001.
• Knowledge of common information security management knowledge, including but not limited to ATT&CK, kill chains, etc.
• Exercise high diligence in ensuring the root causes of all IT Security events are identified and remediated timely.
• Highly disciplined and diligent in driving deliverables strictly within defined timelines.
• Strong communication/presentation/writing skills with proficiency in writing & speaking English and Chinese (to liaise with China counterparts).
• Disciplined in being guided by a set of formalized security policies, standards, procedures and frameworks.
• Logical and methodological, with good planning & organizational skills.
• Able to work independently and as a strong team player.

*Interested candidates please send your CV to [email protected]*