Security Analyst

The Security Analyst reports to the Manager, Technology (Security).
- Manage the design and implementation of preventative and detective security processes and procedures.

This role will take care of these key work areas:
**Security Policy Planning and Standards**
- Maintain the security policies, frameworks/standards and procedures/processes in alignment with government regulations.
- Conduct regular briefing and training to internal staff and contractors on the latest security measures, vulnerabilities, and security trends.

**Security Audit Management**
- Manage audit activities (Interna/External) and track and ensure all audit findings are duly closed.
- Manage compliance monitoring and improvement activities to ensure conformance to ISO/IEC 27000 certification and regulatory compliance.

**Cybersecurity Risk Management**
- Manage and ensure authorised access in alignment with the organisational, regulatory requirements. E.g. reviewing, approving, revoking access grants and maintaining exception tracking.
- Maintain risk register and track to ensure the risk items are mitigated and closed in accordance to stipulated timeline.
- Perform risk assessments for new NEMS projects and escalate key risks to EMC Technology Management Team.

**Security Change Control and Project Support**
- Manage change control for security related aspects of project implementation or operational enhancements to ensure proper risk assessment has been performed.
- Support operational and project implementations, by providing security advice and guidance and ensure compliance to established framework, policies, and regulations.
- Identify projects’ security risks and come out with specific security requirements or mitigation measures to address the risks.
- Assist the project owners to evaluate vendors’ security solutions' and assess vendor’s security solution architecture and processes.

**Security Operations Management**
- Assist in Security Operations Management to maintain the security infrastructure availability by tracking the performance of the Managed Security Services (MSS).
- Manage external vendors to provide the 24x7 support and track their performance to ensure compliance to the SLA. Oversee and manage the detection and monitoring of cyber threats to the Company’s Information Technology Systems together with the Security Operation Centre.
- Manage Penetration Testing, Application Source Code Vulnerability Assessment and Vulnerability Assessment (VA) process, review and validate the assessment reports.
- Perform tirage and assessment of the criticality/impact and manage the tracking of security incidents together with Technology Infrastructure and Application teams.

**Requirements**:

- Degree in IT, Engineering or Science; or equivalent
- Minimum of 3 years’ working experience on Supporting cybersecurity risk and controls management programs with good knowledge and experience of cybersecurity frameworks and regulatory requirements.
- Operational knowledge of security processes and standards in all security domains. High level knowledge of security audit and audit processes. Broad IT knowledge and experience a plus.
- Experience in the energy industry and/or public service is advantage.
- Experience in ISO 27001, NIST Framework and Security by Design (SBD) Framework
- Understanding of Singapore Government security protocols and best practices
- Excellent verbal communication skills and possess good vendor management skills.
- Good project management skills with the ability to lead and execute security risk and control projects and initiatives.