IT Security Officer

Your new role
Security Architecture

• Contribute to the design and implementation of centralised cloud security capabilities for systems under the CISO's remit
• Design secure system architectures in line with best practices, and lead proof-of-value (POV) initiatives
• Lead threat modelling exercises and propose risk mitigation strategies
• Review Vulnerability Management and Penetration Testing findings, triage and translate results into actionable remediation plans
• Provide hands-on configuration for AWS security services such as KMS, certificate management, and IAM
• Work with infra/platform teams to define how logs and security telemetry from AWS workloads are collected, normalised, and made available to central tooling (e.g. security analytics or observability platforms)

Security Engineering with Product Team

• Act as the security engineer embedded within the product teams, for systems under the Product Office
• Review and provide clear and actionable guidance on cloud solution and infrastructure designs, including but not limited to:
  • Account and landing zone patterns
  • VPC and network segmentation
  • Identity and access management (IAM)
  • Data protection, logging, monitoring, and workload security
• Recommend and design fit-for-purpose security controls that balance protection, usability, and delivery speed
• Work closely with product and platform teams to embed security-by-design into architectures, CI/CD pipelines, and day-to-day engineering practices
• Improve security posture on existing systems such as:
  • Identifying control gaps via automated checks and design reviews
  • Prioritising and implementing remediation actions
  • Implementing improvements in a sustainable way
• Perform simple, scoped penetration testing activities to validate key security controls and surface potential weaknesses, complementing automated checks and design reviews
• Define and implement automated checks to validate that key cloud controls are in place and effective, for example via:Infrastructure-as-code scanning
  • Cloud configuration and posture management tools
  • Automated policy checks in CI/CD pipelines
• Translate control requirements into controls as code", collaborating with engineering teams to implement them (e.g. Terraform modules, guardrails, or policy-as-code)
• Continuously refine automated checks to address emerging threats, incident learnings, and evolving GovTech requirements
• Partner closely with infra/platform teams and product teams to co-design secure patterns, resolve design trade-offs, and ensure secure adoption of cloud services
• Communicate complex cloud security topics in clear, outcome-focused language tailored to engineers, architects, and non-technical stakeholders
• Provide regular, concise updates to the CISO on key risks, residual issues, and progress on control uplift across systems under the CISO's remit

What you'll need to succeed
5+ years in cloud platform or cloud security engineering, with strong security exposure and hands-on cloud project work (design, implementation, troubleshooting)
Cloud security & IaC skills: Strong proficiency in Cloud (networking, IAM, KMS/BYOK, logging/telemetry, containers/serverless, CI/CD) and IaC tools to design, implement, and automate cloud security controls
Controls & automation: Familiar with automated control validation (e.g. cloud posture checks, IaC scanning, pipeline-integrated checks) and expressing controls as code together with infra/platform and product teams
Qualifications & attributes: Cloud Solution Architect and/or Cloud Security certifications strongly preferred; pragmatic, outcome-focused individual contributor, comfortable embedded with engineering teams while reporting directly to the CISO

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, call or whatsapp Eric at Hays on +65 86789212 or email [email protected] for a confidential discussion.
Referrals are welcome.
EA Reg Number: R26160884
EA License Number: 07C3924 | Company Registration No: 200609504D