Lead Information Security Specialist
Date: 28-Feb-2023
Location: Singapore, Singapore
Company: Singtel Group
At Singtel, we believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative.
Join us and experience what it’s like to be with an Employer of Choice*. Together, let’s create a brighter digital future for all. *Awarded at the HR Fest Awards 2020.
To perform cybersecurity risk assessment of new and existing programs. These programs can be on premises or outsourced. The role includes but stretches well beyond IT risk and security, touching on aspects such as compliance, physical security, personnel security, incident management, business continuity and more.
Responsibilities:
- Organizes, conducts and performs the Cybersecurity risk assessment and gap analysis process.
- Establishes, reviews and verifies the Cybersecurity reviews conducted on Systems.
- Designs processes to identify, improve and optimize Cybersecurity risk management practices.
- Communicates with and assists Business Units to address identified cybersecurity risks to meet local business objectives.
- Monitors compliance with the Cybersecurity Standards, Policy and Architecture.
- Conducts a Cybersecurity risk management awareness program to drive risk management best practices/culture into the Business Units and Program Managers.
- Prepares and/or coordinates the Monthly/Quarterly Cybersecurity-related Risk Meeting.
- Provides security advisory and recommends resolutions for security threats and vulnerabilities.
- Provides guidance and support to the respective security SPOC appointed by IT application domain.
- Maintains the cybersecurity risk register.
- Performs all other Cybersecurity duties as assigned by the Management.
Requirements:
- Bachelor’s Degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant field of study.
- A professional security management certification such as CISSP, CRISC, CISM, CCSP or a similar credential is required.
- At least 8 years of information security experience, with at least 4 years in security risk assessment.
- Experience working as part of an internal Audit, Governance and Compliance team.
- Good understanding of the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
- Strong understanding of IT Security risk, Audit and information security principles.
- Strong understanding of information security frameworks and practices such as ISO27001, PCI-DSS and OWASP.
- Knowledge of the requirements and controls for compliance with PDPA and GDPR.
- Strong analytical and problem-solving skills.
- Ability to multi-task and work as part of a team in a complex work environment, with minimal supervision.
- Able to communicate effectively with business users and project teams.
- Possesses a good working attitude and is self-motivated to learn.