Information Technology Security Manager

We are seeking an experienced IT Security Manager (ITSM) to lead the implementation of IT Security Strategy across on-premises and cloud environments. The ideal candidate will work closely with internal IT teams and external vendors to uphold and enhance our cybersecurity posture.

Key Responsibilities:

1. Incident Response & Security Monitoring

• Work closely with SIRO/SIRM, IT Security Officer (ITSO) and SOC to monitor, detect, and respond to threats on-premises and on cloud.
• Lead Security Incident Response (IR) and post-mortem analyses for cybersecurity incidents arising from security threat events.
• Stay current with emerging threats, vulnerabilities, and threat intelligence related to cloud platforms.
• Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the agencies.
• Partake in tabletop exercises, security risk management activities, audits and third-party assessments to enhance incident response readiness.

2. Security Product Management

• Monitor security events on SIEM (e.g. Splunk, Cortex, Exa beam), perform event triage and analysis.
• Perform Vulnerability Assessments (Tenable Nessus) on applications (e.g. web client/server, mobile apps), networking and computing devices (e.g. firmware, Operating System).

3. Security Governance & Compliance

• Lead and conduct periodic security reviews to ensure adherence to IT Security Policies, Standards, Controls and industry best practices.
• Recommend and implement security initiatives and enhancement based on findings from tabletop exercises (TTX) and audits.
• Monitor and ensure compliance with secure configuration standards across network, systems and endpoint (i.e. CIS Hardening) at agencies.
• Analyse Vulnerability Assessment (VA) scan results, track and report remediation status according to the stipulated timeframe.

4. Network, Systems and Endpoint Security

• Manage, configure, and optimize security tools and platforms to ensure effective integration with network and IT infrastructure.
• Manage network, system, endpoint and runtime security of on-premises and cloud environments.
• Perform regular reviews of accounts for both on-premises and on cloud systems/applications.

5. Documentation and Reporting

• Implement and update security policies, technical baselines, Standard Operating Procedures (SOPs).
• Maintain documentation of security incidents, vulnerability assessments, security checklist, security controls and policies.
• Prepare and deliver regular reports to update security performance metrics, incident trends, compliance status and risk mitigation efforts.
• Ensure timely escalation and reporting of cybersecurity incidents to management and stakeholders.

6. Collaboration and Stakeholder Management

• Provide guidance and mentor a team of IT Security Officers (ITSOs).
• Collaborate with various IT teams (e.g. Infrastructure, Applications, Project) and external vendors to implement and maintain security controls and measures.
• Act as the key liaison with stakeholders (e.g. SIRO/SIRM, IT, Application Teams) and cloud service providers to align security practices with organizational cybersecurity strategies and compliance requirements.

Requirements:

Education & Experience

• Bachelor’s degree in information security, Computer Science, or related field.
• Minimum 5 years of experience in IT Security leadership role, with preferably 1 year in Cloud Security.
• Singaporean only.

Technical Skills

• Hands-on experience with security tools (e.g. SIEM, WAF, AV, EDR, PAM, DAM).
• Deep understanding of vulnerability management, threat analysis, and incident response processes.
• Good understanding of secure network design, endpoint security, and system hardening techniques.
• Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices.
• Familiar with IaC security (e.g. Terraform, CloudFormation) and CI/CD security.

Certifications

• Professional certifications such as CISSP or CISM are preferred.
• Cloud certifications such as CCSP, AWS Certified Security, Specialty, Azure Security Engineer Associate or equivalent would be advantageous.

Other Skills

• Strong analytical and problem-solving skills with attention to detail.
• Effective communication skills, both written and verbal, with the ability to clearly articulate security risks and recommendations.
• Ability to work independently with minimal supervision and collaboratively within a team in a dynamic and fast-paced environment.
• Proactive mindset with a continuous improvement attitude towards cybersecurity operations.