Senior Manager, Information Security

To develop and drive effective cyber security advisory and assurance programs in Group Enterprise (GE), Singtel. Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with business unit (BU) goals and objectives. Manage information risk to an acceptable level based on risk appetite in order to meet BU goals and objectives. Develop and maintain an information security program that identifies, manages and protects the BU’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture.

**Responsibilities**:

- Establish security architecture for BU aligned to Group Cyber Resilience. Accountable for ensuring that security infrastructure operations handling the cybersecurity defences (e.g. firewalls, endpoint detection & response) remain current and relevant, such as analysing system protection effectiveness, security analytics, user behaviour analytics.
- Administer compliance with Group Cyber Resilience policies and procedures through ongoing security reviews, audits and assessments.
- Strong analytical skills with the ability to collect and analyse significant amounts of information. Capable of summarising and presenting analysis from significant amounts of information to constructively drive actions and decisions. Conduct security risk assessment, business impact analysis and develop security risk treatment plan.
- Analyze organisational and operational environment, such as assess & document threats, determine system protection needs. Collaborate with stakeholders for risk management, mitigation, and remediation measure.
- Leverage Group Cyber Resilience to deliver security awareness training program to foster a secure culture, improve security awareness and compliance.
- Partner with internal and external audit teams, to manage and effect audits from a compliance & point-in-time perspective, to a risk-driven, continuous proactive compliance approach.
- Point of contact to assist and advise Line-of-Business for cyber security related matters. Strong interpersonal and communication skills with the ability to interact with technical SMEs and business stakeholders and present to senior management stakeholders.
- Strong analytical skills with the ability to collect and analyse significant amounts of information, capable of summarising and presenting analysis to constructively support management to drive actions and decisions. Identify, analyze cyber risks, evaluate and recommend risk treatments. Support the development of information security strategy using techniques such as SWOT analysis, gap analysis. Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and to identify and assess risk to the BU’s information. Analyze BU's information security controls and their effectiveness. Perform cost/benefit analysis to assess risk treatment options.

**Requirements**:

- Degree/Diploma or higher in Computer Science, Information Systems or equivalent
- At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or Certified Third Party Risk Professional (CTPRP)
- At least 8 years of experience in IT Risk Management, Governance or Compliance.
- Understanding of control and risk management concepts including control testing, risk assessments, risk treatment and third-party risk.
- Knowledge of risk management policies, methods, standards, processes, governance models, and both quantitative and qualitative risk analysis approaches.
- Knowledge of common information security management frameworks, such as ISO 27001-5, COBIT and NIST, including 800-53 and Cyber security Framework.
- Information security core competencies, e.g. Access Control (Authentication, Authorization, Access), Network Security, Application Testing, Configuration Management, Mobile System Security, Digital Forensics, Cyber Threat Hunting