Cybersecurity Engineer

Reporting to the Director, Information & Communications Technology (ICT) and  Manager (Cybersecurity), you will play a crucial role in ensuring the security and compliance of the College's information systems. Your primary responsibility will be to implement and maintain the ISO 27001 standard, which sets the framework for an effective Information Security Management System.

You will communicate new key security initiatives and risks to the ICT team to ensure comprehensive understanding and identification of information risks. Knowledge and experience in cybersecurity technologies, risk assessment, incident response and vulnerability management will be vital in ensuring integrity, confidentiality and availability of our systems. You will coordinate internal and external audits to assess the College's compliance with ISO 27001 standards and other relevant regulations and collaborate with auditors and stakeholders to address audit findings and implement corrective actions.

This role is employed directly by the University of the Arts Singapore Limited.

The key responsibilities include but are not limited to the following:

• Analyse and correlate information security events to identify appropriate event handling actions.
• Perform security assessments and penetration testing to identify vulnerabilities in network infrastructure, applications and systems.
• Collaborate with relevant teams to implement necessary security controls and safeguards.
• Collate document information related to IT security attacks, threats, risks and controls.
• Establish review procedures based on the College's security risk management plan.
• Evaluate effectiveness of current incident response plan against industry's best practices.
• Identify threats and risks that are relevant to the College's operations and systems.
• Monitor the effectiveness of action plans in addressing information risks.
• Prepare information security performance reports based on results from analysis and correlation of information security events.
• Assist to implement security policies, standards and procedures by considering the threats identified and other information collected.
• Assist to implement and manage security monitoring tools and systems to detect and respond to potential security incidents.
• Monitor security logs, investigate suspicious activities and recommend appropriate actions.
• Test incident response plans periodically to ensure response times and executed procedures are acceptable.

Requirements:

• Preferably a bachelor's degree in computer science, information systems, infocomm security management or related professional qualifications from an established university.
• Preferably three years and above or equivalent of relevant experience in IT support, network, systems, cybersecurity type function.
• Diploma holders with eight years and above of relevant experience may apply.
• Candidates without relevant working experience or possess a polytechnic diploma with at least five years of relevant experience may apply and will be considered for an entry-level or executive level equivalent role.
• Strong understanding of incident response procedures and security incident handling including escalating to other support groups.
• Experience in security management and security governance including managing ISO 27001 standards within an organisation is an added advantage.
• Resourceful with good problem-solving, presentation and data analytics skills.
• Strong written communication skills and interpersonal skills.
• Able to work well independently and as a member of a team, and collaborate with colleagues at all levels.