Job Title: ITSO

Location: Singapore

Department: Information and Communications Technology (ICT)

Key Responsibilities

1. Cybersecurity Management

• Track, manage, and escalate cybersecurity incidents and critical security threat events to the Agency as required.
• Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the Agency.
• Conduct information security awareness training sessions to cultivate a security-conscious culture among staff.
• Lead or assist in conducting tabletop exercises and security risk management activities to enhance incident response readiness.

2. Security Product Management

• Perform vulnerability scanning and security assessments on applications (client/server, mobile apps) deployed in the corporate networks using Tenable and Nessus.
• Analyze vulnerability scan results, recommend remediation actions, and track resolution status.
• Utilize Splunk or security tools for security event monitoring, log collection, and analysis of security incidents.
• Perform onboarding and vulnerability scanning of computing devices before connecting to the corporate network to ensure compliance with cyber hygiene standards.

3. Compliance and Reviews

• Conduct periodic security reviews and audits to ensure adherence to the Agency’s ICT and cybersecurity incident response plans.
• Perform security assessments of ICT systems, including detailed log analysis and reporting.
• Recommend and support implementation of security improvements based on audit findings and emerging threat landscapes.

4. Network and Security Integration

• Manage, configure, and optimize security tools and platforms to ensure effective integration with the network and IT infrastructure.
• Implement, regular updates and maintain security policies, technical baselines, and standard operating procedures (SOPs) to protect the Agency’s IT environment.
• Monitor and ensure compliance with secure configuration standards across systems and devices.

5. Documentation and Reporting

• Maintain detailed and up-to-date documentation of security incidents, vulnerability assessments, security checklist, security controls, and related policies.
• Prepare and deliver regular reports on security performance metrics, incident trends, compliance status, and risk mitigation efforts.
• Ensure timely escalation and reporting of major and cyber risk incidents to management and relevant stakeholders.

6. Collaboration and Advisory

• Work closely with other IT teams (e.g., Infrastructure, Application, Project teams) and external vendors to support, implement, and maintain security solutions.
• Provide security advisory and recommendations to support projects, system implementations, and procurement activities to ensure security-by-design principles are embedded.
• Collaborate with the Agency to align security practices with organizational cybersecurity strategies and compliance requirements.

Requirements

Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
• Mandatory professional certifications such as CISSP, CISM, GIAC, or equivalent would be advantageous.

Technical Skills

• Hands-on experience with security tools such as Tenable, Nessus, and Splunk.
• Solid understanding of vulnerability management, threat analysis, and incident response processes such as data monitoring Imperva , Defender , Symantec
• Knowledge of secure network design, endpoint security, and system hardening techniques.
• Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices.

Other Skills

• Strong analytical and problem-solving skills with attention to detail.
• Effective communication skills, both written and verbal, with the ability to clearly articulate security risks and recommendations.
• Ability to work independently with minimal supervision and collaboratively within a team in a dynamic and fast-paced environment.
• Proactive mindset with a continuous improvement attitude towards cybersecurity operations.