Manager, Cybersecurity

COMPANY DESCRIPTION
National Gallery Singapore is a leading visual arts institution which oversees the world's largest public collection of Singapore and Southeast Asian modern art. Situated at the birthplace of modern Singapore, in the heart of the Civic District, the Gallery is housed in two national monuments - City Hall and former Supreme Court - that have been beautifully restored and transformed into this exciting 64,000 square metre venue. Reflecting Singapore's unique heritage and geographical location, the Gallery aims to be a progressive museum that creates dialogues between the art of Singapore, Southeast Asia and the world to foster and inspire a creative and inclusive society. This is reflected in our collaborative research, education, long-term and special exhibitions, and innovative programming. The Gallery also works with international museums such as Centre Pompidou, Muse d'Orsay, Tate Britain, National Museum of Modern Art, Tokyo (MOMAT) and National Museum of Modern and Contemporary Art, Korea (MMCA), to jointly present Southeast Asian art in the global context, positioning Singapore as a key node in the global visual arts scene.

In 2020, the Gallery was the only museum in Southeast Asia that received a ranking in The Art Newspaper's annual global survey of attendance at art museums, taking 20th place. In 2018, the Gallery was also the first museum in Asia to receive the Children in Museums Award by the European Museum Academy and Hands On International Association of Children in Museums. It also won the awards for "Best Theme Attraction" at TTG Travel Awards 2017, "Best Attraction Experience", "Breakthrough Contribution to Tourism" and "Best Customer Service (Attractions)" at the prestigious Singapore Tourism Awards in 2016 for its role in adding to the vibrancy of Singapore's tourism landscape.

We offer job opportunities in our dynamic organisation. Working at the Gallery enhances and cultivates your love for the arts, and offers you a chance to be part of the Gallery's vision.

**OUR PEOPLE**

At National Gallery Singapore, we develop cultural leaders who make the world better. Our people are united by a shared belief in the power and necessity of art, and work together to create meaningful experiences for our visitors.

DESIGNATION : Manager, CyberSecurity & IT Governance

RESPONSIBILITIES

**Key Responsibilities**:

- **Cybersecurity Strategy & Implementation**:
- Develop and implement a comprehensive cybersecurity strategy tailored to the museum's needs.
- Oversee the deployment of security technologies (firewalls, intrusion detection, anti-malware) and ensure their proper operation.
- Conduct vulnerability assessments and penetration testing on systems, networks, and devices to identify and mitigate risks.
- **IT Governance, Data Governance & Compliance**:
- Establish and enforce IT governance policies in line with industry standards and legal/regulatory requirements (e.g. PDPA, ISO27001) and how they interact with IT governance and cybersecurity strategiesCollaborate with museum leadership to align cybersecurity policies with strategic goals.
- Monitor and ensure compliance with internal governance frameworks, data privacy laws, and external audit requirements.
- Collaborate with the Data Governance team to establish and enforce data governance policies, standards, and procedures, ensuring alignment with the overall IT governance strategy.
- Implement and oversee frameworks for data protection, data lifecycle management, and regulatory compliance, including data classification and data handling standards.
- **Incident Response & Management**:
- Develop and manage the incident response plan, ensuring rapid and effective response to cybersecurity incidents, including data-related breaches
- Coordinate with external agencies and partners for threat intelligence and reporting.
- Conduct post-incident analysis and ensure continuous improvement in response tactics.
- Work with Data Governance and IT teams to ensure proper logging, monitoring, and alerts for data breaches or unauthorised access to sensitive data.
- **Risk Management**:
- Lead cybersecurity risk assessments and establish risk management plans, considering threats to museum data, artwork security systems, and visitor information.
- Implement controls to safeguard sensitive information (e.g., donor data, collections inventory, financial records).
- Maintain up-to-date risk registers and report on the security posture of museum systems.
- Conduct regular risk assessments and audits of data governance processes to identify gaps in data security and compliance.
- Partner with the Data Governance team to monitor compliance with data protection regulations, including conducting privacy impact assessments and data breach investigations.
- **Staff Training & Awareness**:
- Create and deliver cybersecurity awareness training for museum staff, volunteers, and contractors.
- Promote a culture of security awareness and ensure best