Senior Manager, Vendor Security Governance

Date: 14-Apr-2019

Location: Singapore, Singapore

Company: Singtel

The position will be part of the Information Security team within Group Information Technology.

The position will ensure that all material contracts comply with the Third Party Service Provider (TPSP) Cybersecurity Risk Governance Framework. The Framework will include inventory, assessment, reporting, training, vendor coordination, and risk advisory to key business stakeholders.

The position will be responsible for keeping Business Stakeholders aware of their roles and responsibilities in third party cybersecurity governance, especially in the areas of inventory, scheduling of audit reviews, ensuring that highlighted cybersecurity risks are explained and that the business unit leadership team understands how to address the risks to an acceptable level, and adhering to Singtel’s Cybersecurity Risk Management Framework.

The position will need to schedule TPSP cybersecurity risk assessments and review the assessment reports from internal or external reviews.

The position will work closely with their peers and other department team members to ensure cybersecurity risks are identified and addressed to an acceptable level.

The position will be responsible for continuously improving the TPSP Cybersecurity Risk Governance Framework by ensuring that the process and tools are effectively implemented on all material contracts.

The position will be responsible for ensuring that there is sufficient budget to operate the TPSP Cybersecurity Risk Governance Framework.



Risk Advisory Engagement

  • Establish, communicate and maintain the TPSP Cybersecurity Risk Governance Framework.
  • Ensure that Cybersecurity requirements are practical and communicated to all relevant parties.
  • Coordinate and schedule assessment review work to ensure all important TPSP reviews are conducted annually.
  • Ensure identified cybersecurity risks are registered and tracked.
  • Communicate identified cybersecurity risks to stakeholders and provide the required risk advisory to help the stakeholders make the appropriate decisions to address the identified risks.
  • Ensure stakeholders adhere to the TPSP Cybersecurity Risk Management Framework.
  • Work with Group Legal, Risk and Procurement to ensure that the TPSP Cybersecurity Risk Management Framework remains relevant to each Business Unit.

Administrative Support

  • Work with Business Units and Procurement to maintain an accurate inventory of TPSPs.
  • Ensure all Business Unit stakeholders understand and comply with the TPSP Cybersecurity Risk Governance Framework through awareness campaigns.
  • Provide regular updates on the state of compliance and risk tracking.

Customer Experience

  • Demonstrate professional, proactive qualities in dealing with internal clients and stakeholders.
  • Attend required meetings on information security governance, risk, and compliance topics.

Process and Procedure

  • Assist in the development, implementation and maintenance of TPSP policies, standards, and operating procedures as required.
  • Escalate issues arising from policy non-compliance to the reporting manager.
  • Implement and maintain metrics to ensure that performance and compliance with Singtel Group security requirements are measured and reporting requirements are met.

Continuous Improvement

  • Maintain strategic vendor partnerships, relevant education and certification.
  • Complete relevant security education and training as required.
  • Keep abreast of relevant technology to improve service delivery.
  • Identify areas of improvement in delivering services.
  • Keep all role-related technical documentation current.
  • Create or improve technical documentation where it is lacking.

Communication and Teamwork

  • Work with all stakeholders to meet security requirements.
  • Promote knowledge sharing, effective communication and teamwork with peers.




  • Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study.
  • Minimum 2 years of practical experience in vendor security management.
  • Minimum 6 to 10 years of experience as an Information Security Professional.
  • Experience working as part of an internal Audit, Governance and Compliance team.
  • Advanced understanding in the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
  • Advanced understanding in the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
  • Good analytical and communication skills.
  • Ability to work as a team member and independently with minimal supervision.
  • Exposure to other compliance audits such as PCI-DSS, SSAE, ISO27K, SOX, and other information security frameworks.




Good to have:

  • Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials are preferred.
