Information Security Officer (ITSO) | Singaporean Only ! - #1124714

Key Responsibilities

1. Cybersecurity Management

• Track, manage, and escalate cybersecurity incidents and critical security threat events to the Agency as required.

• Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the Agency.

• Conduct information security awareness training sessions to cultivate a security-conscious culture among staff.

• Lead or assist in conducting tabletop exercises and security risk management activities to enhance incident response readiness.

2. Security Product Management

• Perform vulnerability scanning and security assessments on applications (client/server, mobile apps) deployed in the corporate networks using Tenable and Nessus.

• Analyze vulnerability scan results, recommend remediation actions, and track resolution status.

• Utilize Splunk or security tools for security event monitoring, log collection, and analysis of security incidents.

• Perform onboarding and vulnerability scanning of computing devices before connecting to the corporate network to ensure compliance with cyber hygiene standards.

3. Compliance and Reviews

• Conduct periodic security reviews and audits to ensure adherence to the Agency’s ICT and cybersecurity incident response plans.

• Perform security assessments of ICT systems, including detailed log analysis and reporting.

• Recommend and support implementation of security improvements based on audit findings and emerging threat landscapes.

4. Network and Security Integration

• Manage, configure, and optimize security tools and platforms to ensure effective integration with the network and IT infrastructure.

• Implement, regular updates and maintain security policies, technical baselines, and standard operating procedures (SOPs) to protect the Agency’s IT environment.

• Monitor and ensure compliance with secure configuration standards across systems and devices.

5. Documentation and Reporting

• Maintain detailed and up-to-date documentation of security incidents, vulnerability assessments, security checklist, security controls, and related policies.

• Prepare and deliver regular reports on security performance metrics, incident trends, compliance status, and risk mitigation efforts.

• Ensure timely escalation and reporting of major and cyber risk incidents to management and relevant stakeholders.

6. Collaboration and Advisory

• Work closely with other IT teams (e.g., Infrastructure, Application, Project teams) and external vendors to support, implement, and maintain security solutions.

• Provide security advisory and recommendations to support projects, system implementations, and procurement activities to ensure security-by-design principles are embedded.

• Collaborate with the Agency to align security practices with organizational cybersecurity strategies and compliance requirements.

7. Project Specific

The candidate should possess in-depth knowledge and hands-on experience in the following core areas:

• Information Security Governance (Core):

• Knowledge of information security policies, standards, and procedures

• Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR, HIPAA)

• Conducting regular risk assessments and managing the organization’s risk register

• IM8 Policy for On-Prem Infrastructure Security.

Requirements

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related discipline.

• Professional certifications such as CISSP, CISM, GIAC, or equivalent would be advantageous.

• 10 years of experience in maintaining comprehensive information security programs for enterprise environments and have overall responsibility for managing and coordinating the performance and delivery of the services in the contract.

• Hands-on experience with security tools such as Tenable, Nessus, and Splunk.

• Solid understanding of vulnerability management, threat analysis, and incident response processes.

• Knowledge of secure network design, endpoint security, and system hardening techniques.

• Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices.

Apply, please kindly email your updated resume to [email protected].

Only shortlisted applicants will be notified.
APBA TG Human Resource Pte Ltd (14C7275) || Akshya R (R24122440)