Cyber Risk and Data Governance Lead, Information Technology Division

Ministry of Law

Permanent/Contract

Closing on 15 Sep 2025

What the role is

The Ministry of Law (MinLaw) is seeking an experienced candidate to join its Information Technology Division to strength its efforts in cyber risk and data governance. This role will lead critical initiatives supporting MinLaw's regulatory divisions in governing their respective sectors.
The successful candidate will spearhead the development of comprehensive risk management strategies, formulate security guidelines, and conduct thorough gap analyses to bolster cybersecurity and data protection practices across regulated entities.
Key responsibilities include overseeing industry security posture through rigorous audits and inspections, maintaining meticulous risk registers, and driving improvement initiatives. The ideal applicant will design and implement competency-building programmes for regulatory division officers, lead incident response efforts, and liaise effectively with government agencies during investigations.
Additionally, they will develop targeted awareness programmes for regulated sectors, provide expert advice on security certifications, and ensure alignment with industry best practices, including PDPC and CSA standards. This position demands a strategic thinker with exceptional leadership skills, capable of significantly elevating cybersecurity maturity across both internal divisions and external regulated entities, thereby contributing to Singapore's vision of a secure and technologically advanced nation.

What you will be working on

You will collaborate with various stakeholders (including management teams, project teams, external MinLaw's partners and outsourced vendors) in the following areas:
1. Strategic Leadership and Policy Development

• Spearhead the formulation of comprehensive risk management strategies, frameworks, policies, and processes for MinLaw's regulatory Divisions to govern the cybersecurity posture of regulated sectors.

• Develop and maintain relevant cybersecurity and data protection guidelines, advisories, and self-assessment checklists for regulated entities.
2. Risk Assessment and Gap Analysis

• Conduct thorough gap analyses to identify cybersecurity and data protection risks within regulated sectors.

• Evaluate entities' ICT security posture and maturity levels against industry standards (e.g., PDPC, CSA checklists).

• Ensure all guidelines and advisories remain current with industry best practices through regular reviews and updates.
3. Governance and Compliance

• Oversee the security posture of regulated industries through on-site inspections and management of independent audits.

• Review audit reports and lead the implementation of remediation and improvement initiatives.

• Maintain a comprehensive Security Risk Register to track waivers, risk acceptance, and corrective action plans.
4. Management Support and Capacity Building

• Assist Division management in cybersecurity and data protection matters, including work plan approval, resource allocation, and risk acceptance decisions.

• Develop and implement programmes to enhance cybersecurity competencies of regulatory Division officers.
5. Incident Response and Management

• Design and conduct security incident response workshops and exercises, including table-top simulations and drills.

• Provide expert guidance to regulatory divisions on handling cyber and data incidents reported by regulated entities.

• Oversee incident investigations, coordinating with relevant government agencies and enforcement bodies as necessary.
6. Awareness and Education

• Develop and drive cybersecurity awareness programmes and educational initiatives for regulated entities.

• Lead seminars and workshops to promote best practices in cybersecurity and data protection.
7. Certification and Standards

• Advise regulated divisions on guiding their entities towards obtaining relevant cybersecurity and data protection certifications.

• Stay abreast of evolving industry standards and certification requirements.
8. Stakeholder Management

• Liaise effectively with internal divisions, regulated entities, government agencies, and other relevant stakeholders.

• Foster a culture of cybersecurity awareness and compliance across all levels of the organisation and regulated sectors.

What we are looking for

*Key Competencies*

• [Systems Thinking]: Connect issues with larger system and identify inter-dependencies across issues/ domains/ agencies

• [Deep Critical Thinking]: Distil critical issues and sense-make from a wide range of information, arriving at effective policy solutions

• [Co-create and Co-deliver with External Stakeholders]: Mobilise stakeholder to co-create and co-deliver solutions to policy issues
Qualification or experience in cybersecurity and data protection, e.g.:

• Professional certifications such as CISSP, CCSP, CISM, or CISA.

• Certified Information Privacy Manager (CIPM) or equivalent.

• Certified Information Privacy Professional/Asia (CIPP/A) or equivalent, or IMDA-accredited certifications for Data Protection Officer (DPO).

• Management experience as a DPO.

• Expertise in ICT operations, security policies, and business processes.

• In-depth knowledge of Singapore's Personal Data Protection Act (PDPA) and its practical application.
Successful candidates will be offered a 1-year contract in the first instance.

About Ministry of Law

In Singapore, having the rule of law and advancing people's access to justice are not just lofty ideals but the backbone of a functioning and a progressive society. At the Ministry of Law, not only do we contribute to developing the legal frameworks and policies that uphold our way of life, but also to providing community legal services that Singaporeans benefit from. The key policies we oversee include Singapore's legal and intellectual property infrastructure, the civil and criminal justice systems as well as land resources.
Our officers are experts from different fields, and enjoy an excellent and challenging career in a fast-paced environment with plenty of opportunity to grow. If you share our vision of shaping the future of Singapore, you will definitely fit right in here at MinLaw.

About your application process

This job is closing on 15 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within Ministry of Law or the wider Public Service.