Senior Manager/Assistant Director (Resilience Building and Response)
CAA-Changi Airport Terminal 2
The Singapore Public Service
[What the role is]
Cybersecurity is a critical pillar of CAAS’ work. To ensure that the Singapore air hub remains safe and secure for air travel, every mission-critical system that supports air hub operations must be well-protected and resilient against rapidly evolving, and increasingly complex, cybersecurity threats.
We are looking for strong and dynamic candidates to be part of the resilience building and response team, with the newly established Cybersecurity and Data Governance Division. Together, you will be strengthening cybersecurity resilience and incident response of CAAS and the aviation sector, through development of enterprise-wide ICT security policies and standards, competency development plans, and training and awareness programmes.
[What you will be working on]
• Review and develop CAAS ICT security policies and standards in line with government IM8
• Conduct independent ICT security assessments and reviews of ICT security reports to assess the adequacy and ICT security maturity of systems, infrastructure, services and processes;
• Engage CAAS system owners and development team to address any cybersecurity vulnerabilities and gaps identified in their systems;
• Engage CAAS system owners and work with appointed vendor to deploy new/emerging technical solutions to detect cybersecurity breaches and anomalies to enhance overall enterprise cybersecurity posture;
• Work with internal/external auditors, and system owners/vendors in planning and conducting ICT security audits, reviews, and cybersecurity exercises;
• Develop and review CAAS Cybersecurity Incident Response Plan to ensure relevance to cybersecurity threat landscape
• Be part of the incident and response team to respond and investigate ICT-related security incidents.
• Strengthen cybersecurity readiness/resilience of CAAS and aviation sector through phishing exercises, red-teaming, bug bounty programmes etc.
• Develop and implement a capability development plan for cybersecurity personnel in CAAS and the aviation sector
• Keep abreast of the latest industry ICT security practices and technologies, as well as emerging threats and vulnerabilities, in order to recommend appropriate controls and new solutions for implementation to enhance the enterprise security posture.
[What we are looking for]
• Trained in ICT Security, Information Security, Information Technology, Computer Science, Engineering (Computing/Telecommunication), Cybersecurity or equivalent
• At least 3 years of direct and relevant ICT cybersecurity work experience (i.e. infrastructure and network security, software development security etc.)
• An active professional certification in ICT security or Information Security from ISACA, (ISC)2 or equivalent will be an advantage
• Strong domain knowledge of
o Access control, telecommunications and network security
o Information security governance, risk management and compliance;
o Software development security; cryptography;
o Security architecture and design especially on cloud
o Operations security, business continuity and disaster recovery planning and forensic investigations
o Security by design process for ICT systems
• Able to show understanding of the relationship between an information security programme and the broader business goals and objectives
• Self-motivated and independent, a good team player with well-rounded skillset, and can-do attitude
• Curious and passionate about cybersecurity with a hacker mindset
• Excellent verbal, written communication and interpersonal skills
• Strong analytical, presentation and negotiation skill
Note: Your appointment designation will commensurate with your relevant work experience. Successful candidates will be offered a 3-year contract in the first instance, and may be considered for placement on a permanent tenure or subsequent contract renewal.
Cybersecurity is a critical pillar of CAAS’ work. To ensure that the Singapore air hub remains safe and secure for air travel, every mission-critical system that supports air hub operations must be well-protected and resilient against rapidly evolving, and increasingly complex, cybersecurity threats.
We are looking for strong and dynamic candidates to be part of the resilience building and response team, with the newly established Cybersecurity and Data Governance Division. Together, you will be strengthening cybersecurity resilience and incident response of CAAS and the aviation sector, through development of enterprise-wide ICT security policies and standards, competency development plans, and training and awareness programmes.
[What you will be working on]
• Review and develop CAAS ICT security policies and standards in line with government IM8
• Conduct independent ICT security assessments and reviews of ICT security reports to assess the adequacy and ICT security maturity of systems, infrastructure, services and processes;
• Engage CAAS system owners and development team to address any cybersecurity vulnerabilities and gaps identified in their systems;
• Engage CAAS system owners and work with appointed vendor to deploy new/emerging technical solutions to detect cybersecurity breaches and anomalies to enhance overall enterprise cybersecurity posture;
• Work with internal/external auditors, and system owners/vendors in planning and conducting ICT security audits, reviews, and cybersecurity exercises;
• Develop and review CAAS Cybersecurity Incident Response Plan to ensure relevance to cybersecurity threat landscape
• Be part of the incident and response team to respond and investigate ICT-related security incidents.
• Strengthen cybersecurity readiness/resilience of CAAS and aviation sector through phishing exercises, red-teaming, bug bounty programmes etc.
• Develop and implement a capability development plan for cybersecurity personnel in CAAS and the aviation sector
• Keep abreast of the latest industry ICT security practices and technologies, as well as emerging threats and vulnerabilities, in order to recommend appropriate controls and new solutions for implementation to enhance the enterprise security posture.
[What we are looking for]
• Trained in ICT Security, Information Security, Information Technology, Computer Science, Engineering (Computing/Telecommunication), Cybersecurity or equivalent
• At least 3 years of direct and relevant ICT cybersecurity work experience (i.e. infrastructure and network security, software development security etc.)
• An active professional certification in ICT security or Information Security from ISACA, (ISC)2 or equivalent will be an advantage
• Strong domain knowledge of
o Access control, telecommunications and network security
o Information security governance, risk management and compliance;
o Software development security; cryptography;
o Security architecture and design especially on cloud
o Operations security, business continuity and disaster recovery planning and forensic investigations
o Security by design process for ICT systems
• Able to show understanding of the relationship between an information security programme and the broader business goals and objectives
• Self-motivated and independent, a good team player with well-rounded skillset, and can-do attitude
• Curious and passionate about cybersecurity with a hacker mindset
• Excellent verbal, written communication and interpersonal skills
• Strong analytical, presentation and negotiation skill
Note: Your appointment designation will commensurate with your relevant work experience. Successful candidates will be offered a 3-year contract in the first instance, and may be considered for placement on a permanent tenure or subsequent contract renewal.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Architecture Jobs
Leadership Jobs
Tags: Audits Cloud Compliance Computer Science Cryptography Governance Incident response ISACA Network security Risk management Security assessment Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsSenior Network Security Engineer jobsCloud Security Architect jobsInformation System Security Officer jobsStaff Security Engineer jobsSecurity Specialist jobsSenior Penetration Tester jobsChief Information Security Officer jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsThreat Intelligence Analyst jobsCybersecurity Consultant jobsInformation System Security Officer (ISSO) jobsSenior Information Security Engineer jobs
SaaS jobsSDLC jobsEncryption jobsForensics jobsMalware jobsRMF jobsSQL jobsGDPR jobsSplunk jobsIDS jobsIPS jobsTop Secret jobsFinance jobsEDR jobsDoDD 8570 jobsBash jobsTerraform jobsITIL jobsOWASP jobsUNIX jobsIntrusion detection jobsTCP/IP jobsCRISC jobsGIAC jobsDocker jobs
SANS jobsCompTIA jobsPolygraph jobsActive Directory jobsBanking jobsData Analytics jobsCCSP jobsThreat detection jobsOSCP jobsClearance Required jobsVPN jobsCyber defense jobsAnsible jobsJavaScript jobsSOC 2 jobsDNS jobsIT infrastructure jobsSOAR jobsGCIH jobsSecurity strategy jobsOracle jobsJira jobsSOX jobsCryptography jobsNIST 800-53 jobs