SMRT

Manager, Risk Management

Public Transport & Rail Operations | Singapore, SG | Onsite | Posted 3 weeks ago

About the role

The Manager, Risk Management is responsible for ensuring compliance with cybersecurity regulations and standards, overseeing cybersecurity risk management activities, managing audit contracts and deliverables, supporting policy development, and promoting cybersecurity awareness and training within SMRT. The role involves collaboration with risk, audit, and legal teams, as well as providing technical guidance to OT cybersecurity operations.

Key Responsibilities

  • Ensure the organisation’s compliance with the security standards and guidelines stipulated in: the CSA Cybersecurity Act; the CSA Cybersecurity Code of Practice for Critical Information Infrastructure (CCoP); relevant CSA guides, e.g. the Guide to Conducting Cybersecurity Risk Assessment for Critical Information Infrastructure; the LTA Code of Practice for Cyber Security in MRT Systems (CP8), including the Land Transport Cyber Security Incident Management Framework (CSIMF); and CSA publications such as the Security-by-Design Framework.
  • Oversee the conduct of cybersecurity risk management, including risk control measures; monitor follow-up actions to mitigate the identified risks until completion; and provide regular updates to Management.
  • Manage contracts and deliverables for regulatory CCoP and CP8 audits (2-yearly), Risk Assessment (annually), Vulnerability Assessment (2-yearly) for CII and other contracts as required, and support the conduct of these activities, where required.
  • Manage processes such as waiver request submissions and reviews, and monitor follow-up actions arising from audits, Risk Assessment and Vulnerability Assessment.
  • Support Policy & Governance team in developing and implementing policies, standards and/or guidelines for managing cybersecurity risks and protecting OT systems against cybersecurity threats.
  • Gatekeep submissions of Material Change Form and corresponding CII Information Record (S10) Form within the specified timeline.
  • Report on OT Cybersecurity status for submission to Authority and/or Management.
  • Support the conduct of Cybersecurity Management meetings.
  • Provide guidance to the OT Cybersecurity Operations team in managing CII and Non-CII Asset Information & Security baselines, Identity Management, Authentication and Access Control Technical security solutions to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
  • Collaborate with the SMRT Risk Management, Internal Audit and Legal Teams on risk and compliance matters.
  • Where required, support the conduct of validation checks to ensure that security control measures are maintained.

Requirements

  • Degree in Electrical & Electronics Engineering, Computer Science or equivalent.
  • At least 7 to 8 years of working experience in the engineering field.
  • Cybersecurity-related qualifications and/or certifications such as CISM, CISSP, CEH or CISA are preferred.
  • Good knowledge of cybersecurity regulations, principles, standards and processes.
  • Good knowledge of cybersecurity risk assessment and vulnerability assessment.
  • Strategising, Planning and Organising skills.
  • Knowledge of virtualisation with VMware is preferred.
  • Initiative-taking and adaptable.
  • Effective communication.
  • Critical thinking and problem-solving skills.
  • Ability to work under pressure.