IT Tech Risk Analyst - #1099538

Benefit : 13th Month Salary

Key Roles and Responsibilities

• Conduct risk assessment on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT Infrastructure, application systems and cloud environment.

• Conduct compliance check on internal controls to ensure compliance with established policies and applicable regulations.

• Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.

• Provide advisory services to internal departments on business digital initiatives using Security By design / Zero Trust framework to ensure consistency in controls.

• Manage security projects and solution implementation activities that address cybersecurity risks.

• Plan, design and conduct cyber security incident response workshops and exercises (table-top exercises, simulation, and drills)

• Be aware of latest industry standards, regulatory requirements and the potential impacts to cybersecurity policies, standards and procedures.

Qualifications & Experience

• Minimum 5 years’ experience in Cybersecurity, Risk and Compliance

• Knowledgeable in security standards or regulations such as NIST, ISO 27001, SOC2, CCOP (SG), PDPA (SG), GDPR(EU), MPLS(CN), Security by Design

• Technical know-how and experience in solutions such as (but not limited to)

• Cloud Infrastructure, e.g. Azure, AWS, Huawei, Ali

• Cloud compliance e.g., Cloud Posture Management, Workload protectio

• Awareness Platform e.g., Proofpoint, Knowbe4

• Network Security e.g., F/W, IPS, Remote Access, NAC, Data Diode

• Content Security e.g., Web, Email protection

• End point Security e.g., AV, EDR, DLP

• Identify Protection e.g. MFA, Privilege access management

• Threat Management e.g., SIEM, UEBA, NDR, ASM, BAS

• GRC Tool e.g., RSA Archer

• Hardening guidelines for MS products, Linux

• Vulnerability Assessment and Application Testing Tool e.g., Tenable, Qualys, Veracode, Synopsys etc.

• System development lifecycle or DevOps framework

• Certifications such as CISA, CISM, CISSP, GICSP, CCSK, CRISC will be an added advantage

• Knowledge in OT solutions and security will be an added advantage