AVP/VP (12 months contract), Cybersecurity (Governance, Risk & Compliance)

AVP/VP (12 months contract), Cybersecurity (Governance, Risk & Compliance)

Location: Singapore, SG,

Group: Corporate Group

Department: Cybersecurity

Section: Cybersecurity

Job Type: Contract

Temasek is a global investment company headquartered in Singapore, with a net portfolio value of S$389 billion (US$288b, €267b, £228b, RMB2.08t) as at 31 March 2024. Our Purpose "So Every Generation Prospers " guides us to make a difference for today's and future generations.

You'll be working in the Cybersecurity Department under the Governance, Risk, and Compliance unit, which reports directly to the CISO. The increasing reliance of businesses on technology means that cybersecurity and IT risk management is a strategically important function within Temasek.

Responsibilities

• Operationalizing the IT risk management framework, policies and standards, as well as conduct of compliance assurance activities, which include identifying and hunting for gaps and non-compliances in systems and other suppliers/vendors we use for IT operations.
• Maintain cybersecurity and IT risk management policies and standards, third-party vendor management as well as system criticality frameworks for the firm to ensure effective IT risk compliance and cyber defence.
• Modernise and optimize conduct of governance and oversight role through adoption of new/emerging technology and application to enable real-time update and maintenance of risk register, third party vendor assessment, leveraging on advanced analytics for trending and compliance monitoring.
• Ensure the conduct of risks assessment and implementation of secure System Development Life cycle (SDLC) by Technology and Business units in their development and maintenance of IT infrastructure and applications.
• Conduct periodic and ad-hoc assessments to monitor compliance with cybersecurity and technology policies and security controls design and operating effectiveness; review cybersecurity and technology risks; audit and operational risk issues to identify root causes and trends, and recommend appropriate remediation.
• Provide independent IT and cyber risk management advice to the business, technical & operations groups to contribute towards secure implementation of technology initiatives.
• Support the review and enhancement of third-party vendor risk management and establish a holistic framework and structure to manage this risk. Contribute to assessment of vendor risks via pre-contract due diligence processes and ensure development of mitigation plans by Business units.
• Identify and assess the impact of technology risks on projects and ensure effective controls are established by business/technology units to mitigate technology risks arising from change requests, new initiatives and processes.
• Proactively partner risk owners and manage risks to minimize impact from incidents, breaches or non-compliance. Conduct regular communication and refresher trainings to maintain a good level of cybersecurity and information risk awareness.
• Support incident response and carry out any other tasks as assigned.

Requirements

• At least 7 years of relevant experience in the field of cybersecurity and IT risk management, policy formulation, governance oversight, audits and risk management.
• Bachelor degree (and higher) in information security, engineering, cybersecurity and related field. Professional information security certifications such as CISA, CRISC, CISSP, CCSK/CCSP, CGEIT, CDPSE, are an advantage.
• Possess strong prior experience and knowledge in cyber and IT standards and policy review, oversight and governance, risk management and audit. Experience in cyber strategy and policy formulation and cyber programme execution will be an advantage.
• Strong technical background is important, with proven ability in technical security design and implementation.
• Possess cyber domain knowledge across areas such as AI, cybersecurity technology architecture and solutioning, SOC/MSS, application & infrastructure security, data & information protection, supply chain security, cyber architecture, quantum, cloud computing security and has knowledge of cyber regulations and compliance.
• Good knowledge in industry security practices, frameworks, and standards such as MAS TRM, ISO27001, Cybersecurity Code of Practice, and NIST Cybersecurity Framework including emerging AI related requirements and standards.
• Strong communication, interpersonal and leadership skills, with proven ability to manage multiple priorities, drive project teams and collaborate across business units and partners to achieve desired end-goals.