Senior Manager

**About our client**

Our client is a leading port group and trusted partner to cargo stakeholders. Their global network encompasses 160 locations in 42 countries around the world. The Group’s portfolio comprises over 60 deep-sea, rail and inland terminals, as well as affiliated businesses in supply chain management, logistics, marine and digital services.

**Senior Manager (Cybersecurity Governance)**

**Job Overview**:

- You will gain a wealth of experience and exposure as well as possible stints with overseas offices in Europe and Asia.
- You will gain exposure and experience supporting cyber ecosystem risk assessments and security improvements to enable both future port development and cargo solutions orchestration.
- This position reports to the Group CISO.

**Responsibilities**:
You will:

- Be responsible, along with other team members, for cybersecurity governance and Operations at Corporate Centre as part of cybersecurity responsibilities at Singapore.
- Be responsible for cybersecurity policy, standards, procedures and roll-out.
- Support and feedback to the development, review and documentation of the company’s IT security policy, procedure, standard and framework.
- Conduct regular security assessments to identify vulnerabilities in the organization’s security system.
- Conduct User Engagement during the roll-out of new IT Security standard framework and process.
- Provide support for IT Security Committee activities.
- Be responsible for cybersecurity operations.
- Collect, analyse, and report on IT Security metrics to ensure comprehensive monitoring and assessment.
- Enhance and maintain endpoint security measures, ensuring robust control and protection.
- Oversee the management of security vulnerabilities, events and requests, ensuring timely resolution and mitigation.
- Supervise user account operations, conduct regular reviews, and enforce access controls to maintain security integrity.
- Lead the Cyber Incident Response Team (CIRT) during incident response processes, ensuring effective and coordinated actions and provide Level 2 or 3 incident response on a 24x7 on-call basis.
- Develop and improve cybersecurity incident response plans, coordinate, conduct or participate in related table-top exercises, cybersecurity incident drills, and red/purple teaming exercises.
- Support the investigation and remediation of IT security incidents or policy violations, ensuring compliance and security standards are upheld.
- Manager user awareness training and education.
- Promote cybersecurity awareness through training, sharing programs, and engagement events for employees, contractors, and other relevant parties.
- Plan, design and execute regular Phishing Exercises to identify high risk targets for further awareness training.
- Review group advisories and contextualise them for BU cascade.
- IT Security Solution, Assessment and Project Support.
- Lead and manage projects relating to cybersecurity to elevate the cybersecurity posture across group of business units.
- Provide IT Security solutioning risk assessment and guidance for IT systems and project implementation (on premise and cloud based).
- Evaluate, test and support implementation of new security systems, tools, and services.
- Perform cybersecurity risk assessments on various architectures, system and network designs and their components.
- Design or display technological solutions, architecture and establish demand aggregation and consumption across business classes and units.

**Job Requirements**:

- Good experience in cybersecurity governance.
- Have experience in developing cybersecurity standards.
- Good experience and knowledge performing cybersecurity risk assessments.
- Conducted cybersecurity vulnerability analysis and determined mitigating controls.
- Good project management skills, experience in project planning, management and implementation of cybersecurity frameworks (NIST, ISO).
- Prior maritime, logistics or transportation knowledge with international experience would be advantageous.
- Experience working with cyber security and in a regulated environment will be an added advantage.

**Skills**:

- At least a Degree in Computer Science or related discipline ( _Essential). _
- At least 10 years of cybersecurity experience ( _Essential). _
- At least 5 years of cybersecurity governance or assurance experience.
- Practical knowledge of security standards e.g., ISO 27001/2, NIST, CSA-CCM, etc.
- Good understanding of cybersecurity maturity models e.g., C2M2, CMMC or CMMI.
- Good understanding of threat modelling e.g., MITRE ATT & CK framework.
- Good understanding of risk governance e.g., COBIT.

**Personalities**:

- Strong communication, interpersonal, analytical and problem-solving skills.
- Able to work as a team as well as independently.
- Willingness to get hands dirty and adopt a growth mindset.
- Willingness to accept workload peaks and troughs.
- Willingness to travel at short notice.
- Good project management s