Information Security Officer | 11000

Key Responsibilities

1. Cybersecurity Management

• Track, manage, and escalate cybersecurity incidents and critical security threat events to the Agency as required.
• Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the Agency.
• Conduct information security awareness training sessions to cultivate a security-conscious culture among staff.
• Lead or assist in conducting tabletop exercises and security risk management activities to enhance incident response readiness.

2. Security Product Management

• Perform vulnerability scanning and security assessments on applications (client/server, mobile apps) deployed in the corporate networks using Tenable and Nessus.
• Analyze vulnerability scan results, recommend remediation actions, and track resolution status.
• Utilize Splunk or security tools for security event monitoring, log collection, and analysis of security incidents.
• Perform onboarding and vulnerability scanning of computing devices before connecting to the corporate network to ensure compliance with cyber hygiene standards.

3. Compliance and Reviews

• Conduct periodic security reviews and audits to ensure adherence to the Agency's ICT and cybersecurity incident response plans.
• Perform security assessments of ICT systems, including detailed log analysis and reporting.
• Recommend and support implementation of security improvements based on audit findings and emerging threat landscapes.

4. Network and Security Integration

• Manage, configure, and optimize security tools and platforms to ensure effective integration with the network and IT infrastructure.
• Implement, regular updates and maintain security policies, technical baselines, and standard operating procedures (SOPs) to protect the Agency's IT environment.
• Monitor and ensure compliance with secure configuration standards across systems and devices.

5. Documentation and Reporting

• Maintain detailed and up-to-date documentation of security incidents, vulnerability assessments, security checklist, security controls, and related policies.
• Prepare and deliver regular reports on security performance metrics, incident trends, compliance status, and risk mitigation efforts.
• Ensure timely escalation and reporting of major and cyber risk incidents to management and relevant stakeholders.

6. Collaboration and Advisory

• Work closely with other IT teams (e.g., Infrastructure, Application, Project teams) and external vendors to support, implement, and maintain security solutions.
• Provide security advisory and recommendations to support projects, system implementations, and procurement activities to ensure security-by-design principles are embedded.
• Collaborate with the Agency to align security practices with organizational cybersecurity strategies and compliance requirements.

7. Project Specific

The candidate should possess in-depth knowledge and hands-on experience in the following core areas:

• Information Security Governance (Core):
• Knowledge of information security policies, standards, and procedures
• Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR, HIPAA)
• Conducting regular risk assessments and managing the organization's risk register
• IM8 Policy for On-Prem Infrastructure Security.

Requirements

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related discipline.
• Professional certifications such as CISSP, CISM, GIAC,
  or equivalent would be advantageous.
• 10 years of experience in maintaining comprehensive information security programs for enterprise environments and have overall responsibility for managing and coordinating the performance and delivery of the services in the contract.
• Hands-on experience with security tools such as Tenable, Nessus, and Splunk.
• Solid understanding of vulnerability management, threat analysis, and incident response processes.
• Knowledge of secure network design, endpoint security, and system hardening techniques.
• Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices.

Apply, please kindly email your updated resume to

.

Only shortlisted applicants will be notified.

APBA TG Human Resource Pte Ltd (14C7275) || Akshya R (R