IT Security Specialist

**About Us**
The mission of Housing & Development Board (HDB) is to provide affordable, quality housing and a great living environment where communities thrive. To achieve its mission, HDB aims to be data-driven to the core and adopt evidence-based decision making in developing better housing policies service, improving service delivery and optimising operations

**What Will You Do?**
- Develop and implement enterprise-wide ICT security programmes as follow:
i. Establish the cybersecurity governance structure for HDB to ensure that the security posture is robust, resilient, and pragmatic

ii. Enhance and update the IT security policy, standards, procedures so that they are always current against the evolving cyber security landscape

iii. Perform compliance checks on IT systems and IT security programmes to enforce implementation of IT security standards and procedures
- Establish the governance for the Identity and Access Management Policy and Process
- Establish the governance and administer the Third-Party Management Policy and Procedure
- Develop, maintain, and operationalise a Threat Risk Assessment framework for HDB to identify and mitigate the threats and risks in its IT systems and programmes
- Work with key stakeholders to improve the cybersecurity posture and resiliency of IT projects. Related works include Threat Risk Assessment, project specific cybersecurity specification, cybersecurity proposals evaluation, cybersecurity design review, System Security Acceptance Test and review, Vulnerability Assessment and Penetration Test.
- Secure Code practice and security scanning
- Vulnerability Assessment and Penetration Testing (VAPT)
- Software Composition Analysis (SCA)
- DevSecOps
- Procure & Maintain Security Tool such as Code scanner, Web Pen Test scanner
- Manage and promote IT security awareness and outreach programme.

You are also to:

- keep abreast of the latest industry ICT security practices and technologies as well as emerging threats and vulnerabilities and recommend appropriate controls for implementation to improve the enterprise security posture.
- lead and/or participate in the adoption of new technological advances and best practices in infrastructure security systems to mitigate security risks

**You will be a Great Fit if you**:

- Possess a strong background in ICT Security, Information Security, Information Technology, Computer Science, Engineering (Computing/Telecommunication), Cybersecurity and/or Digital Forensic or equivalent
- At least 1 years of direct and relevant full-time ICT security work experience

Preferably possess one or more appropriate IT security certifications, such as CISSP, CRISC, CISM, CISA, CEH, etc
- Preferably with strong knowledge and experience in information and cybersecurity risks, controls, vulnerability assessment/penetration testing, compliance, and industry IT/cyber security best-practices.
- Domain knowledge of access control; telecommunications and network security; cloud security; Cybersecurity & information security governance and risk management; software development security; cryptography; security architecture and design; operations security; security incident response and management; business continuity and disaster recovery planning; legal regulations, investigations, and compliance; physical (environmental) security
- Knowledge in IT security principles and IT controls as well as industry best practices and frameworks pertaining to IT Controls (IM8, COBIT, ISO27001/2 etc.)
- Good understanding of the current IT/Cyber Security landscape

**Good to Have**:

- Possess good interpersonal and communication skills
- Demonstrate a strong sense of urgency and have good troubleshooting and problem-solving skills with good attention to detail
- Willing to work beyond business hours including weekend when necessary
- Have good command of written and oral English
- Great Attitude to bring the best out our team
- Team Player; we work together as a team
- Autonomous
- Take ownership