Principal Security Consultant

As the Principal Security Consultant, the individual must be a seasoned cybersecurity leader with a strong commitment to developing resilient, mission-aligned security programs that support the mandate of Singapore government agencies. Given the breadth and complexity of the public sector environment, the role demands deep expertise in both the technical and governance aspects of cybersecurity. It is a high-impact position suited for a strategic thinker who excels in dynamic, execution-focused settings.

Key Responsibilities:

1. Strategic Leadership:
   • Develop and implement cybersecurity strategies aligned with the agency's mission and national cybersecurity frameworks.
   • Serve as a trusted advisor to senior management on information security matters.
   • Provide expert guidance on cybersecurity risks and recommend effective mitigation strategies to senior management.
   • Establish and maintain a robust cybersecurity governance framework aligned with Whole-of-Government (WOG) wide advisories and best practices.
   • Conduct comprehensive risk assessments and vulnerability analyses.
   • Develop and implement effective risk management plans.
   • Ensure compliance with relevant regulations and standards (e.g., IM8, PDPA, NIST, CIS Benchmarks, and standards issued by the Cyber Security Agency of Singapore (CSA)).
2. Security Operations:
   • Oversee the monitoring and detection of security incidents, including presenting trending analyses to the customer C-level.
   • Lead incident response and recovery efforts, including driving root cause analysis and reporting to customers.
   • Manage security infrastructure and technologies to ensure effective protection and operational continuity.
   • Develop, standardize, and implement incident response plans to contain security incidents, mitigate risks, and minimize operational impact.
   • Provide guidance to infrastructure teams on responding to major Common Vulnerabilities and Exposures (CVEs).
   • Lead the development and ongoing refinement of security incident handling processes, ensuring security team adherence during BAU operations.
   • Drive governance of the security posture by monitoring performance metrics, threat intelligence, and posture assessments to continuously enhance cybersecurity maturity.
3. Policy and Compliance:
   • Lead the formulation and maintenance of cybersecurity strategies and workplans, policies, procedures, standards, and guidelines.
   • Ensure ongoing compliance with applicable laws, regulations, and standards.
   • Conduct regular security audits, assessments, and Gap analyses.
4. Awareness and Training:
   • Develop and deliver cybersecurity awareness and training programs.
   • Champion a strong cybersecurity culture through awareness, training, and stakeholder engagement initiatives.
5. Stakeholder Engagement:
   • Collaborate with other government agencies (e.g., GSOC, HTSOC, CSA etc.), industry partners, and international organizations.
   • Identify opportunities for security innovation and continuous improvement.
   • Represent the agency on cybersecurity matters.
   • Represent project teams in managing ACISOs and customer third-party VATP vendors to meet compliance requirements.
6. Team Management:
   • Build and nurture a high-performing, distributed information security team.
   • Provide leadership and mentorship, setting clear direction, expectations, and performance goals.
   • Support continuous professional development of security team members, including the attainment and maintenance of relevant certifications.
   • Perform resource planning to ensure sufficient coverage for all contracted security services.

Required Skills and Qualifications:

1. Extensive experience in information security management, particularly within complex or regulated environments.
2. Strong understanding of cybersecurity principles, frameworks (e.g., NIST, CIS), and technologies.
3. Proven ability to design, develop, and implement effective cybersecurity strategies and policies.
4. Excellent leadership, communication, and stakeholder engagement skills.
5. Knowledge of applicable laws, regulations, and standards.
6. Demonstrated experience in cloud security, including secure design and configuration of cloud environments.
7. Strong familiarity with Government Commercial Cloud (GCC) requirements and implementation best practices.

While specific requirements may vary between agencies, the following certifications are highly valued for the CISO role:

1. CISSP (Certified Information Systems Security Professional): Demonstrates broad expertise in information security principles and best practices.
2. CISM (Certified Information Security Manager): Focuses on information security governance, risk management, and program development.
3. CCISO (Certified Chief Information Security Officer): Designed specifically for those aspiring to or holding CISO positions.
4. Other certifications that can be helpful include:

• CISA (Certified Information Systems Auditor) - Focused on IT auditing and control assurance
• CRISC (Certified in Risk and Information Systems Control) - Focused on IT risk management and control