IT Security Officer (ITSO) - (Public Sector)

At Xtremax, this role supports goverment partner agencies in strengthening the resilience of government IT infrastructure. As an IT Security Officer (ITSO), you will be responsible for safeguarding mission-critical systems, managing security risks, and ensuring compliance with industry standards and policies. This role involves proactive monitoring, incident management, governance, and collaboration with multiple stakeholders to protect government digital assets against evolving cyber threats. Candidates with public sector experience are preferred, as this role supports IT projects for government agencies.

Responsibility:

Security Policy & Governance

• Develop and maintain IT security policies and action plans, reviewing them regularly to meet compliance requirements.
• Evaluate and recommend IT security products and solutions for adoption within the Customer’s IT infrastructure.
• Implement and manage risk assessment methodologies to ensure adherence to service management standards.
• Develop and enforce security management frameworks and governance structures.
• Perform additional activities necessary to secure the Customer’s IT infrastructure.

Incident & Threat Management

• Establish and manage IT Security Incident Management processes, including detection, response, and handling of incidents.
• Collaborate with external partners and suppliers for effective resolution of security incidents.
• Participate in industry-wide IT security incident simulations and technical assessment exercises.
• Conduct forensic investigations, including secure disk imaging and analysis, when required.
• Monitor, analyse, and report on emerging security threats, vulnerabilities, and recommended mitigations.

Stakeholder Engagement

• Conduct regular meetings with key stakeholders to highlight security issues and recommend improvements.
• Liaise with external suppliers, security organisations, and government stakeholders on IT security matters.

Reporting & Compliance

• Review and follow up on security reports generated from centralised tools, providing timely updates to the Customer.
• Manage IT asset inventory to ensure all servers, networks, and databases are onboarded and compliant with central security tools.

Must Have

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Must have 2–5 years or more of relevant experience.
• Proven experience in IT security, with strong focus on infrastructure security.
• In-depth understanding of information security principles, best practices, and regulatory requirements.
• Hands-on experience with security tools and technologies.
• Familiarity with forensic investigation techniques and tools.
• Strong analytical and problem-solving skills.
• Excellent communication skills, both written and verbal.
• Ability to work independently and collaboratively in a team setting.
• Experience liaising with external partners and suppliers on security matters.

Good to Have:

• Experience with Singapore Government Project will be advantageous.

Certificate Preferred:

• Certified Information Systems Security Professional (CISSP) 
• Certified Information Security Manager (CISM) 
• GIAC Certified Incident Handler (GCIH) 
• CompTIA Cybersecurity Analyst (CySA+)

By submitting your resume/CV, you consent and agree to allow the information provided to be used and processed by or on behalf of Xtremax Pte Ltd for purposes related to your registration of interest in current or future employment with us and for the processing of your application for employment.

You also represent to us that you have obtained the consent of your referees when you disclose to us their personal data for the purpose of conducting reference checks.

The personal data held by us relating to your application will be kept strictly confidential and in accordance with the PDPA. You may also refer to our Privacy Policy for more details here: 

We regret to inform you that should you not consent to providing the necessary data required for us to process your application, your application will be considered void.