
Director, Technology Security Compliance

Date: 19-Jan-2023

Location: Singapore, Singapore

Company: Singtel Group

At Singtel, we're working on projects that push the boundaries of digital, realising our vision and purpose to Empower Every Generation. We have a dynamic and diverse team, with a passion for innovation, and talent to deliver cutting-edge digital solutions and immersive customer experience.


In Group IT, we create great technology that can change the future, and we're looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!


Apply now, and ignite our digital future together.


This position leads and manages the Technology Security Compliance Program: defining, implementing, and operating a security compliance function. The role includes creating and operationalising the technology security compliance program; establishing and maintaining the technology security compliance framework and the relevant assessment toolkits; evaluating the compliance level of security controls against established policies and standards; and providing recommendations to mitigate risk, tracking security gaps to closure, and governance reporting.

Responsibilities:

  • Establish and oversee a Group Technology Security Compliance program incorporating compliance methodology using industry practices and standards.
  • Develop and maintain the compliance framework, assessment toolkits and testing procedures based on the business threat landscape and regulatory requirements
  • Plan, prioritize and manage yearly scope, logistics and resources using a pragmatic approach. Leverage external resources to augment internal capabilities to achieve program objectives
  • Responsible for leading assessments related to IT infrastructure, applications and platforms against corporate policies, regulatory requirements, and best practices
  • Evaluate the effectiveness and compliance level of internal security controls, identify areas of improvements, and provide recommendations for remediation
  • Report, monitor and track security gaps to closure
  • Develop and maintain excellent working relationships with BU stakeholders, Business Information Security Officers, internal audit department and other key stakeholders at the Group level to ensure technology systems are secured according to the Group’s security requirements.
  • Review the assessment reports produced by team members or vendors and provide guidance to improve team performance
  • Record and track identified security gaps to closure, including escalating non-performance to business owners so that corrective actions close gaps on a timely basis. Security gaps are to be recorded in the designated risk management platform for consistency
  • Develop and maintain a knowledge base of common security gaps, controls and recommendations to drive consistency in the delivery of the compliance service
  • Identify and implement initiatives to improve and optimise the Program by leveraging digital solutions, data analytics, automation and industry practices
  • Provide regular reporting to the Group Cyber Resilience (GCR) VP and Management on the security posture of systems, with insights into risk trends and areas for improvement
  • Provide a feedback loop to security and data protection policy owners to keep policy requirements relevant and up to date with emerging cyber threats and the regulatory landscape
  • Provide ad-hoc due diligence and Merger and Acquisition (M&A) support to GCR or other Singtel Group BUs as needed

Requirements:

  • Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or another relevant field of study
  • Minimum 5 years of experience in Technology Security Compliance
  • At least 12 years of relevant information security working experience
  • Experience working as part of an internal Audit, Governance and Compliance team or in Risk Compliance consulting services
  • Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or similar credentials are required
  • Strong understanding of Technology Compliance, IT Security risk, Audit and information security principles
  • Strong understanding of regulatory requirements and information security standards such as the IMDA Code of Practice for broadcasting and telecommunications, MAS TRM, PCI DSS, CIS Controls, NIST, ISO 27001, and OWASP
  • Knowledge on the requirements and controls for compliance to PDPA and GDPR
  • Experienced Cybersecurity leader who has successfully built and managed a Cybersecurity risk advisory / assessment function
  • Strong relationship management, analytical, problem solving, communication, influencing, planning and presentation skills.
  • Ability to develop and coach cyber security technical knowledge in the next line of cyber security professionals
  • Good technical understanding in the following areas: Platform Security, Data Security, Cloud Security, Infrastructure Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.