Lead Security Consultant

Company background:

Focus Computer Pte Ltd has been operating since 1989, and is an established leader in the IT hardware and software fulfilment space in Singapore. We have provided a stable environment for our employees since our inception and we believe in taking care of our employees through thick and thin. We have established Focus Digitech Pte Ltd in order to meet the growing demands for digital transformation by our customers, and we have an opportunity to hire a Lead Security Consultant our growing team. Your entry point into the company does not limit the potential you have to rise within the company to other roles as your aspirations and attitudes may propel you towards. We believe that paper qualifications can only tell us so much, and we believe in hiring people with the right skills and not just certifications (although we will accord due credit if you have them). So, come discover your full potential with us as we take Focus Digitech to the next level of leadership in digital technologies

Key Responsibilities:

• Conduct gap analysis of existing on-prem data centre and cloud infrastructures, identifying and assessing gaps in the overall security posture.
• Conduct comprehensive risk assessments to identify and mitigate security risks associated with information systems and processes.
• Lead and coordinate system security acceptance testing to ensure that all security requirements are met before systems are deployed.
• Collaborate with development and engineering teams to integrate security-by-design principles into the SDLC.
• Develop and maintain security policies, standards, and guidelines to ensure compliance with industry standards and regulatory requirements.
• Provide expert advice on security architecture and design, ensuring robust protection mechanisms are implemented.
• Manage vulnerability assessments and penetration testing to identify and address security weaknesses.
• Develop and deliver security training and awareness programs for employees and stakeholders.
• Stay current with emerging security threats, technologies, and trends, and provide recommendations for continuous improvement.
• Assist in the development and implementation of incident response plans and participate in security incident investigations as needed.
• Prepare detailed reports and documentation for management, highlighting security risks, mitigation strategies, and compliance status.

Qualifications:

• At least 5 years of experience in information security, with a focus on risk assessment, system security acceptance testing, and security-by-design.
• Professional certifications such as CISSP , CISM, or equivalent.
• In-depth knowledge of security frameworks and standards such as ISO 27001, NIST, CIS Controls, and Cybersecurity Act of 2018.
• Strong understanding of risk management methodologies and the ability to perform comprehensive risk assessments.
• Proven experience in system security acceptance testing and validating security controls.
• Expertise in integrating security-by-design principles into the SDLC.
• Familiarity with security tools and technologies such as SIEM, IDS/IPS, Firewalls, Endpoint Protection and Wazuh.
• Strong in technological architectures (infrastructure / application), both in on-premises data centres and cloud infrastructures.
• Excellent communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail.
• Ability to work independently and as part of a team in a fast-paced environment.
• Experience with cloud security and working with cloud service providers such as AWS, Azure, or Google Cloud.
• Knowledge of regulatory requirements and standards relevant to the industry (e.g., PCI-DSS, HIPAA).

If you meet the qualifications above and are passionate about working with cutting-edge technology, we encourage you to apply. We offer competitive salary packages and excellent benefits.