Senior / Manager, Cybersecurity Assurance Senior / Manager, Cybersecurity Assurance …

in Singapore
Permanent, Full time
Be the first to apply
in Singapore
Permanent, Full time
Be the first to apply
Senior / Manager, Cybersecurity Assurance
Job Description

The candidate will be responsible for building / set up of security framework and policies and standards, create awareness and outreach and manage technology risk. This role will actively drive adoption of proactive technology risk management through a structured approach of risk identification, assessment and mitigation based on the organization risk tolerance. He / She will lead in the development and implementation of a company-wide cybersecurity framework and policies, and ensures appropriate control objectives for system confidentiality, integrity and availability within the context of the company's risk tolerance. He / She will work with various stakeholders to educate and promote the adoption of cybersecurity framework and policies, the rationale of such framework and policies including its applications to manage the evolving threat landscape, execute cybersecurity outreach programs and raise awareness on cybersecurity trends, threats and best practices across the organization, provide security consultancy and review of solutions to the business units and IT peers especially in the context of threat modelling, risk analysis & management.


  • Actively lead the creation and updating of standards and reference architectures. These reference architectures will provide direction and guidance on proper compliance with defined standards while ensuring StarHub is deploying secure infrastructure solutions.
  • Responsible for leading infrastructure assessments, making decisions on threat modelling and proper security service design and implementation.
  • Provide technical advisory or consultancy in secure infrastructure design.
  • Ensures cyber security is addressed as a business issue across StarHub, provides overall coordination and management of all security activities within the company
  • Develops and maintains relationships with business partner organizations to understand their business requirements and advise on security solutions
  • Ensures security team participates in the secure system development lifecycle to ensure and verify security requirements and best practices are addressed in the entire project lifecycle.
  • Monitors changes in industry-relevant legislation and accreditation
  • Drive enterprise vulnerability management maturity including defining and tracking KPI metrics with IT peers
  • Drive vulnerability disclosure program including bounty hunter program
  • Drive executive table-top exercises, cybersecurity awareness and phishing simulation program
  • Drive Red Team program


  • Bachelor's degree in Computer Science or related field with at least 14 years' experience as a security practitioner in developing cyber security architecture and programs for large organization.
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) or equivalent
  • Knowledge of compliance frameworks and regulatory requirements (NIST, ISO 27001, Cybersecurity Act, Personal Data Protection Act, Payment Card Industry Data Security Standard, IMDA Code of Practice for Broadcasting & Telecommunications, etc)
  • Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security
  • Experienced cyber security leader who has successfully built security programs and policies in fast paced organizations like StarHub
  • Strong business/relevant industry acumen
  • Ability to quickly articulate creative & alternative methods for solving security-specific business problems
  • Hands-on collaborative style and approach to working with other's
  • Excellent leadership skills and ability to lead organization through rapid change
  • Proven ability to communicate security compliance to executive business leaders
  • Ability to influence others where there is no direct authority
  • Ability to develop and coach cyber security technical knowledge to the next line of cyber security professional / engineers.

*We are regret that only shortlisted candidates will be notified.

More Jobs Like This
See more jobs