IT Security Officer

About NCS

NCS is a leading technology services firm with presence in Asia Pacific and partners with governments and enterprises to advance communities through technology. Combining the experience and expertise of its 12,000-strong team across 66 specialisations, NCS provides differentiated and end-to-end technology services to clients with its NEXT capabilities of digital, cloud, platforms as well as core offerings in application, infrastructure, engineering and cyber security. NCS also believes in building a strong partner eco-system with leading technology players, research institutions and start-ups to support open innovation and co-creation. For more information, visit www.ncs.co

Will you be part of the extraordinary?

We're guided by our vision of advancing communities, and bringing people and technology together to make the extraordinary happen. NCS creates end-to-end technology solutions and services clients with its NEXT capabilities of digital, cloud, platforms as well as core offerings in Applications, Infrastructure, Engineering and Cyber Security, working on projects that impact millions every day. ​With our passion to innovate, you can tell that we're more than ready to meet the future. Join us and be part of this extraordinary journey too.

What will you be expected to do?

The successful applicant will be maintaining and supporting the IT security of IT infrastructure system, with the support from operation team. This is a challenging and interesting role in the IT industry, which we are looking to fill with an individual who a team-player is willing to adapt to the requirements of the position, which may vary during your time of employment.

• Prepare IT security policies and action plans for review at least once a year or upon the request
• Evaluate IT security products and solutions features for use within the organization
• Implement the risk management methodology and comply with Service Management Requirement (ITSM)
• Develop and implement security management frameworks and governance
• Implement IT Security Incident Management and handle IT security incidents
• Work with other Government-appointed Suppliers to resolve IT security incidents
• Participate and assist in Government/public sector and services-wide IT security incident response table-top exercises and technical assessment exercises
• Perform disk image acquisition for forensic investigation purposes within three (3) days when required by the Representative and to protect the acquired disk image from tampering. The disk image acquisition tool, subject to approval by client, shall be provided by the cloud service provider
• Analyse and update GovTech on the latest security problems, risks and solutions
• Meet with client monthly or as determined to highlight security issues and propose improvements to the client
• Liaise and co-ordinate meetings on IT security matters relating to the GPCS with Government-appointed Suppliers, security organisations and the Government
• Perform other activities necessary to secure the GPCS

Tasks list

1. Develop SOPs and maintain IT Security Policy (ITSM)
2. Conduct annual security briefing (TSM)
3. Handle risk acceptance and deviations from IT Security Policy (ITSM)
4. Maintain IT security risk register
5. Generate and follow-up on baseline scan and hardening compliance checks
6. Compile and review Access Rights Report
7. Manage and track security advisories from GITSIR, TAB and Principals
8. Generate and follow-up on VMS scan results
9. Review and follow-up on security logs/events
10. Review NIPS events and assist on implementing new signatures
11. Handle security alerts from CWC, GICS, security devices
12. Manage incident response and handling process
13. Handle firewall change requests
14. Handle change requests (including code scan results)
15. Handle reporting (Service Management, PWC, Ops Meeting, Weekly Security Update)
16. Attend Governance meetings (weekly, monthly and adhoc) (ITSM)
17. Participate, drive (from start until closure) audits (ITSM)

The ideal candidate should have/possess the following:

• Bachelor’s Degree in Computer Science, Engineering and Information Systems
• Experience in the area of security audit, compliance and security governance
• Strong understanding of information security principles, ISO 27001 and PCI Security Standard is preferred
• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / Log review), technical vulnerability management (Vulnerability Assessment, Penetration testing), application security, security technologies (system hardening, IDS/IPS, firewall), security incident response and security assessment.
• Customer-focused with good interpersonal skills
• Team player with leadership qualities
• Possess one (or more) of the following security certifications: CISSP/CISA/CISM/ISMS Lead Auditor Certification

NCS​

Make extraordinary happen