As the Lead IT Consultant, you will support the Communications & Information Technology division in all of SIT's IT security initiatives.
Job Responsibilities:
Lead the IT Security team to manage all IT security-related matters that support SIT’s business objectives and strategies.
Develop and carry out IT security policies and plans.
Conduct security review of existing systems on their ability to provide adequate defence against the latest security threats.
Conduct vulnerability assessments and penetration tests for all critical IT systems.
Drive and conduct IT Security awareness and training like security talks, phishing simulation and incident response exercises.
Manage and investigate all cyber security alerts and notifications from cyber surveillance and threat intelligence to identify root cause and impact for effective containment, mitigation and future improvements.
Manage and investigate all IT Security incidents to identify root cause and impact for effective containment, mitigation and future improvements.
Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls.
Jointly perform, monitor, track and review with IT Governance team and other IT teams on all information systems and infrastructure and security.
Maintain and enhance the Information Security risk assessment methodology.
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit.
Act as Subject Matter Expert (SME) in security technologies and provide knowledge sharing and technical assistance to other team members.
Define security configuration standards for platforms and technologies.
Detailed reporting on IT security initiatives, scans, incidents to SIT management and statutory reporting to MOE.
Research new security technologies, threats and vulnerabilities and implement necessary measures such as EDR/XDR, DAM, MDM, Microsoft AIP, VMS, CASB, PAM, IAM, 2/MFA, NAC, Red Teaming.
Key Requirements:
Degree in Computer Science, Information Technology or related disciplines.
Minimum 8-10 years of experience in Information and Cyber Security.
Good knowledge and experience with cloud security of Amazon Web Services (AWS), Microsoft Azure and SaaS solutions, security standards and frameworks like NIST, ISO27001, MTCS, CSA Security-by-Design (SBD) and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS is desirable.
Other relevant certifications such as CISSP/CISA/CISM, CREST, CEH, CHFI would be advantageous.
Demonstrated leadership and adaptability, with willingness to readily and voluntarily take ownership of highly challenging tasks and problems, even beyond initial scope of responsibility.
Ability to handle multiple tasks concurrently and meet deadlines, while maintaining focus despite conflicting demands.