Executive/ Senior Executive Cybersecurity Assurance
The candidate will assist the Team Lead to build and set up security framework and policies and standards, create awareness and outreach and manage technology risk. This role will be actively involved to drive adoption of proactive technology risk management through a structured approach of risk identification, assessment and mitigation based on the organization risk tolerance. He / She will assist in the development and implementation of a company-wide cybersecurity framework and policies, and ensures appropriate control objectives for system confidentiality, integrity and availability within the context of the company's risk tolerance. He / She will work with various stakeholders to educate and promote the adoption of cybersecurity framework and policies, the rationale of such framework and policies including its applications to manage the evolving threat landscape, execute cybersecurity outreach programs and raise awareness on cybersecurity trends, threats and best practices across the organization, provide security consultancy and review of solutions to the business units and IT peers especially in the context of threat modelling, risk analysis & management. Responsibilities
•Support the creation and updating of standards and reference architectures. These reference architectures will provide direction and guidance on proper compliance with defined standards while ensuring StarHub is deploying secure infrastructure solutions.
• Assist with infrastructure assessments and advise for proper security service design and implementation.
• Ensures cyber security is addressed as a business issue across StarHub, provides overall coordination and management of all security activities within the company
• Develops and maintains relationships with business partner organizations to understand their business requirements and advise on security solutions
• Ensures security team participates in the secure system development lifecycle to ensure and verify security requirements and best practices are addressed in the entire project lifecycle.
• Monitors changes in industry-relevant legislation and accreditation
• Drive enterprise vulnerability management maturity including defining and tracking KPI metrics with IT peers
• Drive vulnerability disclosure program including bounty hunter program
• Drive executive table-top exercises, cybersecurity awareness and phishing simulation program
• Drive Red Team program Qualifications
• Bachelor's degree in Computer Science or related field with at least 2 years' experience as a security practitioner
Great to have:
• Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) or equivalent
• Knowledge of compliance frameworks and regulatory requirements (NIST, ISO 27001, Cybersecurity Act, Personal Data Protection Act, Payment Card Industry Data Security Standard, IMDA Code of Practice for Broadcasting & Telecommunications, etc)
• Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security
• Ability to quickly articulate creative & alternative methods for solving security-specific business problems
• Hands-on collaborative style and approach to working with other's
• Proven ability to communicate security compliance to executive business leaders
• Ability to influence others where there is no direct authority *We regret that only shortlisted candidates will be notified.