Senior Security Engineer

Experience Required:

• 9+ Years of Experience is required

• Relevant certifications in identity and access management (such as CISSP, CISM, CISA, CGEIT, or vendor-specific certifications) would be advantageous.

• Professional audit certifications such as CIA (Certified Internal Auditor) or CISA (Certified Information Systems Auditor) would be highly beneficial.

• Experience with automation tools and scripting to improve operational efficiency would be beneficial.

• Knowledge of Singapore Government security standards and compliance frameworks would be an added advantage.

• Familiarity with GRC (Governance, Risk, and Compliance) platforms and audit management systems would be preferred.

Technical Experience

• Proven experience in Identity and Access Management, with particular expertise in user access reviews and privileged access management systems such as CyberArk.

• Hands-on experience with enterprise identity management platforms and access governance tools.

• Strong understanding of identity governance principles, including role-based access control (RBAC), segregation of duties, and principle of least privilege.

• Experience with identity management lifecycle processes including provisioning, de-provisioning, and access certification.

IAM Audit and Assessment Skills

• Demonstrated experience in conducting IAM audits and access assessments across complex enterprise environments.

• Proficiency in audit methodologies and frameworks specific to identity and access management, including COBIT, COSO, and ITIL.

• Strong analytical skills with ability to identify patterns, anomalies, and potential security risks through data analysis and system reviews.

• Experience with audit tools and technologies for automated access analysis, reporting, and compliance monitoring.

• Knowledge of forensic analysis techniques for investigating access-related security incidents and policy violations.

• Ability to develop and execute comprehensive audit programmes covering all aspects of identity lifecycle management.

Process Management Skills

• Demonstrated ability to manage complex, multi-stakeholder processes with high attention to detail and accuracy.

• Experience in coordinating with diverse stakeholder groups to achieve compliance and operational objectives within tight timeframes.

• Strong project management skills with ability to handle multiple concurrent initiatives whilst maintaining quality standards.

• Experience in process documentation, improvement, and standardisation activities.

Compliance and Risk Management

• Knowledge of regulatory compliance requirements related to access management and data protection, including GDPR, SOX, and industry-specific regulations.

• Understanding of risk assessment methodologies and ability to identify and mitigate identity-related security risks.

• Experience supporting audit activities and maintaining comprehensive audit trails for access management activities.

• Knowledge of compliance frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and COBIT.

Documentation and Reporting

• Strong technical writing skills with ability to produce clear, comprehensive audit reports and compliance documentation.

• Experience in creating executive-level reporting and dashboards for IAM metrics and compliance status.

• Ability to translate complex technical findings into business impact assessments and actionable recommendations.

• Proficiency in data visualisation tools and techniques for presenting audit findings and compliance metrics.

Communication and Stakeholder Management

• Excellent interpersonal and communication skills with ability to work effectively with stakeholders at all organisational levels.

• Strong problem-solving abilities with experience in exception handling and issue resolution.

• Ability to translate technical concepts into business language for non-technical stakeholders.

• Experience in managing audit relationships and coordinating with external auditors and regulatory bodies.