Executive/Senior Executive, OT Cybersecurity

Job Purpose

Cybersecurity, especially in the domain of Operational Technology (OT), and operational resilience are of critical importance in today’s world. We are seeking a skilled and experienced Executive/Senior Engineer to join our dynamic team in delivering a strong cybersecurity system in SMRT, primarily for Operational Technology (OT) and Critical Information Infrastructure (CII) systems.

The Executive/Senior Engineer’s scope of work covers cybersecurity compliance, education and awareness programme, development and/or review of authorised operating documents as well as management reporting. He/she also provides Business Unit-level support and advice to the Line/Division in cybersecurity matters, including in the areas of monitoring, reporting and compliance checks.

In addition, he/she also supports in the areas of planning and execution of Tabletop Exercise as well as Knowledge Management.

Responsibilities

The duties and responsibilities are as listed below. Note that the list is not comprehensive and related duties and responsibilities may be assigned from time to time.

1. Conduct or support the conduct of cybersecurity surveillance/hygiene checks to validate whether the cybersecurity requirements are in place and adhered to.
2. Assist in establishing a cybersecurity awareness programme (including phishing simulation exercise) to strengthen cybersecurity awareness for all SMRT Trains staff.
3. Support the training programme to enhance the competency of Cybersecurity personnel.
4. Manage the regular report submissions of OT Cybersecurity events and exercises to the Management and Authority.
5. Assist in planning, coordinating and/or tracking key activities such as Cybersecurity Audits (internal and external), Risk Assessment (RA) and Vulnerability Assessment (VA) and ensure smooth execution and timely submissions to the Authorities.
6. Support cybersecurity assessments to determine whether the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements.
7. Track findings, observations, and areas of improvements from Cybersecurity Audits, RA and VA until closure and report them for Management’s visibility.
8. Advise System Owners on the implementation of mitigating controls to address audit findings and risks or vulnerabilities at Medium High levels (if any).
9. Liaise with representatives from the Line/Division on the cybersecurity advisories from the Authorities to identify and check whether the product/ software/ operating system/ firmware etc, is affected by the cybersecurity vulnerabilities or threats and provide updates to the Authorities if any system is affected.
10. Support document/procedure review and update.
11. In-charge of Knowledge Management and Documentation Management Systems and ensure the Department’s documents are centrally updated as required.
12. Support the running of various meetings and/or workshops where OT Cyber Security team is involved.

Qualifications & Work Experience

• Degree in Electrical & Electronic Engineering, Computer Science or equivalent.
• At least 2 years of working experience in a similar role.
• EC-Council Certified Incident Handler (ECIH) or Certified Ethical Hacker (CEH) or Certified Information Systems Auditor (CISA) will be advantageous.

Skills

Technical skills include:
• Knowledge of cybersecurity principles, standards and processes, such as system/ network hardening.
• Knowledge in cybersecurity risk assessment and vulnerability assessment.
• Good knowledge in designing, implementing and troubleshooting Windows OS, IP network.
• Familiarity with regulatory frameworks such as the Cybersecurity Code of Practice (CCoP) will be advantageous.
• Ability to translate cybersecurity threats or risk to impacts on the OT environment and appropriate mitigation techniques will be advantageous.

Generic skills include:
• Good communication
• Proactive and adaptable
• Planning and organising skills
• Teamwork

SMRT Trains Ltd was incorporated in 1987 and operates Singapore’s first mass rapid transit system. Today, we manage and operate train services on the North-South Line, East-West Line, the Circle Line, the Thomson-East Coast Line, and the Bukit Panjang Light Rail Transit. With over 5,000 employees, more than 250 trains, and 141 km of rail tracks across 108 stations, we serve millions of commuters daily.