Client Information Security Lead (Infra Enterprise)

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 13,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region. 

We’re searching for a Client Information Security Lead (Infra Enterprise) to be part of our diverse team of talents here at NCS!

If you believe in going above and beyond, want to exemplify the best, and wish to bring people and technology together like never before, then we would love to have a conversation with you!

Overview

Security, privacy, and operational resilience are critical issues facing all organizations today. We are currently looking for qualified and capable security minded individuals to be the driving force managing security governance throughout the lifecycle of client projects. You will proactively elevate the overall service quality to our Client while managing the necessary cyber security risk posture of NCS.

What we seek to accomplish together:

To support the LOB as an independent (i.e. Line 2) Info-security Advisory, Compliance Assessment and Security Incident Response Management. You will work as the interface between NCS Enterprise SBG practice and NCS Corporate HQ-wide cybersecurity leadership, driving organization-wide cyber security strategy, implementation, and in turn, ensuring client and practice requirements are fed back into the continual improvement of relevant strategy, policies and standards.

• To ensure cyber key risk indicators and controls are simplified, relevant and effective for risk monitoring, reporting and mitigation, and in compliance with NCS Cyber Security Policies, government legislation (e.g., IM8, Public Sector Data Security, PDPA) and industry good practice.
• Conduct independent internal risk assessment on NCS Client-facing projects to identify weakness and provide recommendations for improvement e.g. thematic assessment, Risk Mitigation and Corrective & Preventive Action Plan.
• Alignment with business’ leaders to better understand the business’ goals and to bake appropriate security controls into the environment considering people, processes and automation.
• Act as a cyber security incident response advisor on potential security matters. Partner as Subject Matter Expert (SME) with key business stakeholders including Risk Management, Legal, NCS IT, Cyber Incident Response Team, People & Culture and any external institutions (e.g. PDPC) that are critical to the success of cyber security.
• To drive the cyber security program and to improve cyber awareness for data security and its impact to the organisation.
• To enhance efficiency and improve reliability of operational security compliance and monitoring process using automation mechanism e.g. scripts and tooling.
   

A little bit about you:

• Degree/Diploma or higher in Computer Science, Information Systems or equivalent
• At least one industry recognized security certification is, such as Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP)
• 5+ years of hands-on experience in information/cyber security risk assessment practice e.g. in the domains of Governance, Risk & Compliance, Secured-design Engineering, Cyber Security Operations, Incident Response, and/or Vulnerability Management
• In-depth working knowledge of cybersecurity risk assessment, thematic audit, data or security governance framework e.g. NIST, CIS20, IM8, etc
• Knowledge of information security principles, IM8, ISO 27001 controls, Center for Internet Security (CIS) controls, Cloud Controls Matrix (CCM) controls
• Hands-on experience with hybrid cloud infrastructure or system security, security technologies and tooling, e.g., identity access management, remote access management, endpoint security, network security & administration, and application security e.g. OWASP 10 (API, web, LLM, mobile)
• Added advantage with experience in security incident response, infrastructure/application penetration testing, bug bounty program, vulnerability assessment, monitoring of secrets in public repository, and cloud security operation
• Senior stakeholder management and working across various parts of the organization
• Team player with good interpersonal and communication skills both written and verbal

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity—and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future.  

Together, we make the extraordinary happen.  

Learn more about us at ncs.co and visit our LinkedIn career site. 

We handle all profiles with the highest level of confidentiality.