Assistant Manager

Job Function Information Technology (Cybersecurity)Job Summary The Assistant/ Deputy Manager- Cybersecurity Governance, Risk and Compliance (Information Technology) will play a key role in strengthening the organisation’s cybersecurity posture across its supply chain operations. He/she will be responsible for developing, implementing, and maintaining governance frameworks, risk management processes, and compliance programmes ensuring the organisation’s security posture aligns with regulatory expectations, business objectives, and risk tolerance. He/she will be involved working closely with business units, IT teams, and external stakeholders to ensure compliance with regulatory requirements, industry standards, and internal security policies. He/she will also ensure that the cybersecurity framework aligns with the increase in velocity of changes in order to uphold the protection of the cyberspace for the organisation. Equipped with an analytical mindset and communication skills, he is a problem solver and adept at managing a diverse group of stakeholders. Job Responsibilities/Key Tasks Cybersecurity Governance Develop, implement, and review cybersecurity policies, standards, and procedures in alignment with organisational needs and national frameworks (e.g., CSA, IM8). Drive awareness and training programmes to embed a culture of cybersecurity across the organisation. Provide guidance to business units on secure practices and policy adherence. Cybersecurity Risk Management Conduct regular risk assessments on IT systems, operational technologies, and supply chain processes to identify vulnerabilities and threats. Assess the cybersecurity risk of third-party vendors with an appropriate level of detail. Identify controls to address gaps in third-party vendor relationships and monitor the implementation of controls. Establish risk registers, recommend mitigation strategies, and track remediation activities. Monitor emerging cybersecurity risks, particularly those affecting logistics, warehousing, and transportation systems. Liaise with the application project team on Penetration test findings closure and improvement; track findings and ensure timely closure. Ensure Cyber risk registers are kept up to date and risks are calculated accurately. Cybersecurity Compliance and Audit Ensure compliance with regulatory requirements (e.g., PDPA, Cybersecurity Act, MAS TRM) and global standards (ISO 27001, NIST). Coordinate and support internal/external audits and customer security assessments. Maintain and update compliance documentation, audit evidence, and reports. Conduct assurance reviews to validate governance adherence and expected outcomes. Collaborate with technology and business teams to automate compliance checks and audit processes. Assess third-party vendor cybersecurity risks, define and monitor controls, and track remediation. Oversee security operations service providers in managing cybersecurity incidents and operations. Support deployment of cybersecurity solutions and assist in resolving security-related issues. Monitor, detect, and ensure timely remediation of cyber threats, risks, and vulnerabilities. Stay current with emerging threats, technologies, and industry best practices; recommend controls and solutions. Plan, conduct, and oversee vulnerability assessments and penetration testing, ensuring timely closure of findings. Incident Preparedness & Reporting Support the development and testing of cybersecurity incident response and business continuity plans. Ensure governance and compliance aspects are addressed during incident investigations and post-mortems. Report cybersecurity metrics and compliance status to senior management and relevant committees. Others Undertake assigned projects or duties as directed by Management. Job Requirements Proficient in MS Office Applications / Microsoft Power Platform Applications and social media platforms. Strong analytical and problem-solving skills, with the ability to assess risks and propose practical mitigation strategies. Positive attitude and willingness to learn. Strong written and verbal communication skills. Basic understanding of cybersecurity principles and best practices. Ability to explain technical concepts to non-technical audiences. Strong attention to detail and a commitment to maintaining accuracy and consistency in all communications. Self-motivated and proactive, with a demonstrated ability to work independently and take ownership of assigned tasks and priorities in a fast-paced environment. Ability to manage multiple tasks simultaneously and carry out tasks assigned by Management. Team player with strong collaboration skills to work with IT, operations, and external vendors. Professional Qualifications & Relevant Experience Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline. Professional certifications preferred: CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent. 5-8 years of relevant cybersecurity experience, with at least 2–3 years in governance, risk, and compliance functions. We are an equal opportunities employer and welcome applications from diverse candidates. #J-18808-Ljbffr