Cybersecurity Team Lead

Roles & Responsibilities

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

For this project, we are forming a team of 6 (including 1 team lead) to perform the following scope of works:

(i) Security Risk Assessment

(ii) Security Policies, Standards, Guidelines, And Procedures Review

(iii) Security Design

(iv) Application Security

(v) Vulnerability assessment and

(vi) System Security Acceptance Testing

We are seeking a highly skilled and experienced Team Lead to join our dynamic team. The ideal candidate will possess deep technical knowledge, strong leadership skills, and a proven track record

in managing cybersecurity projects.

Responsibilities:

• Lead and oversee the execution of comprehensive security risk assessments across a wide range of environments, including on-premise, cloud (AWS, Azure), DevOps, IoT, and thirdparty ecosystems
• Drive and review complex vulnerability assessments, ensuring thorough analysis of findings, prioritization of risks, and development of actionable mitigation strategies
• Lead the design and review of enterprise security policies, standards, and procedures, ensuring alignment with organizational goals and compliance with regulatory frameworks (e.g., NIST, ISO 27001, CSA, MAS)
• Guide and mentor team members in application security activities including secure code reviews, threat modeling (e.g., STRIDE, PASTA), architecture reviews, and secure SDLC integration
• Provide technical leadership in cloud security architecture reviews, including cloud configuration audits, IAM analysis, encryption practices, and hybrid cloud governance
• Oversee System Security Acceptance Testing (SSAT) activities, define security test strategies, validate controls, and ensure secure integration of systems before go-live
• Manage the development and communication of risk reports and executive summaries, ensuring findings are clearly articulated, business-aligned, and actionable
• Act as the primary point of contact for clients and internal stakeholders, ensuring timely delivery of cybersecurity engagements, maintaining high quality and client satisfaction
• Provide thought leadership across all six cybersecurity domains and stay up to date with emerging threats, tools, and frameworks to continually improve the team's capabilities
• Coach, mentor, and develop junior team members, fostering a collaborative and technically strong team culture

Requirements:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (Master's degree is a plus)
• Professional certifications such as CISSP, CISM, OSCP, CCSP, CISA, or equivalent are strongly preferred
• Minimum 5–8 years of experience in cybersecurity consulting with demonstrated leadership in risk assessment, application security, cloud security, policy & compliance, security by design, and vulnerability management
• Proven experience working in and securing cloud environments (AWS, Azure, GCP), with a solid understanding of native tools and best practices
• Strong hands-on experience in threat modelling methodologies (e.g., STRIDE, PASTA) and security testing in CI/CD environments
• Deep knowledge of relevant regulatory frameworks and standards (e.g., NIST 800-series, ISO 27001, CIS Controls, MAS TRM)
• Demonstrated project and people leadership experience, with the ability to lead multiple engagements simultaneously
• Strong stakeholder engagement, client management, and executive communication skills
• Ability to think strategically, lead technically, and drive high-impact outcomes in dynamic environments

Benefits:

• Regular team buildings
• 18 leave days / year
• Insurance: GP, Hospitalisation, Dental and Optical Insurance
• Annual bonus
• Working hours: from 8:30am to 6pm Monday to Thursday, 8:30am to 5:30pm Friday
• Training and certifications paths

Tell employers what skills you have

Application Security
Risk Assessment
Cloud Security
Vulnerability Management
AWS
ISO
Information Technology
ISO 27001
Audits
CISA
Acceptance Testing
Vulnerability Assessment
CISSP
Threat Modeling

---