Manager, Cybersecurity
Marine - 16 Benoi Road, SG
ST Engineering
At ST Engineering, we harness technology and innovation to enable a more secure and sustainable world. Discover our innovations for smart cities, defence and security.
Job Req ID: 17375
The Cybersecurity Lead / SA (Cybersecurity) reports to the Head Cybersecurity of the business unit, with the following roles & responsibilities:
Responsibilities:
- To conduct periodic cybersecurity vulnerability assessments for the respective business unit and liaise with Group IT, SOC or Project teams for remediation.
- To perform system hardening and regular checks on security compliance based on the various relevant policies.
- Maintain awareness of evolving cybersecurity threats, threat detection and protection techniques to safeguard existing systems.
- To provide cybersecurity awareness training, technical advisory and consultancy to the business unit, such as regular security messages, eLearning or webinars.
- To respond to cybersecurity incidents and work with SOC, IT or Project teams for investigation and remediation.
- To review and update the project security devices and their rule sets or policies, where applicable (e.g. Firewall, Intrusion Protection System, Web Proxy, Web Application Firewall (WAF), Network Access Control (NAC), Antivirus, Data Loss Prevention (DLP)), and ensure relevancy and security compliance.
- To support Business/System/Projects Audit. To compile, analyse and follow-up on the audit findings, including preparation of reports as required.
- To assist in updating the company’s Policy and SOPs as well as regularly review the requirements and standards specified to meet both the Authority’s requirements and industry security standards.
- Review cybersecurity-related clauses in project contracts. Draft security guidelines based on relevant policies from the company or the Authority.
- Audit existing projects on security compliance against relevant policies, such as the company's and the Authority's policies or industry standards, e.g. CIS Benchmark Level 2. Review network or standalone project computers for security non-compliance and track until closure.
- To assist in conducting security scans for Indicators of Compromise (IOC) and vulnerability assessments of the Computing Environment or potential security threats, as directed by the Authority or CISO.
- Assist Head Cybersecurity / Head Security with their investigations into computer security breaches where necessary.
- To assist in resolving project security gaps that project teams need closed to enhance their security posture or audit compliance.
Requirements:
- At least 6 years of relevant working experience.
- Bachelor’s degree in Computer Science, Information Systems, or related field.
- Strong understanding of security trends and technologies. Proficient in various cybersecurity technologies and protocols to identify, prevent, and mitigate threats.
- Excellent communication, writing and presentation skills. Effective communication skills to collaborate with different departments, train employees on security protocols, and explain complex cybersecurity concepts in layman’s terms.
- Strong understanding of risk management and incident response procedures.
- Strong analytical skills to assess potential risks and vulnerabilities to develop strategic plans in enhancing the security infrastructure.
- To stay up-to-date on the latest security threat landscape and industry trends in cybersecurity.
- Good understanding of compliance requirements for data privacy and protection in the relevant industry.
- Good knowledge of regional and global cybersecurity frameworks, such as NIST, ISO 27001, SOC 2, and CIS Controls.
Preferably possess one of the following certifications:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- SSCP (Systems Security Certified Practitioner)
- GIAC Security Leadership Certification (GSLC)
- CISA (Certified Information Systems Auditor) or its equivalent
Tags: Antivirus CISA CISM CISO CISSP Compliance Computer Science Firewalls GIAC GSLC Incident response ISO 27001 NIST Privacy Risk management SOC SOC 2 SSCP Threat detection Vulnerabilities