Jobfoundry
Jobfoundry
Singapore Airlines

Information Technology - Cyber Security Specialist (Risk and Governance)

Singapore Airlines
BusinessSearch by LocationFull-time3 weeks ago
Apply Now

About the role

AI summarised

This role is for a Cyber Security Specialist in the Group Information Security Team at Singapore Airlines, focusing on risk and governance. The specialist will ensure corporate assets are protected against cyber threats, manage security policies, conduct risk assessments, and drive compliance with regulatory requirements.

BusinessFull-time655

Key Responsibilities

  • Provide cyber governance and risk management oversight.
  • Manage the security policy framework and relevant standards.
  • Oversee applicable security, regulatory, privacy, contractual cyber requirements.
  • Manage cyber risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards.
  • Conduct risk assessments, document results, and propose and track remediation tasks.
  • Develop compliance program to routinely assess existing infrastructure, systems, and applications for compliance and vulnerabilities and propose relevant mitigating controls.
  • Conduct vulnerability assessments and track remediation status of identified vulnerabilities.
  • Identify and assess cyber risks and recommend and drive cyber security solution and initiatives to improve cyber security posture.
  • Define controls to meet regulatory, legislative, and industry specific compliance requirements.
  • Manage third party cyber risk assessment standards.
  • Prepare IT security related KPI reports and management reports for compliance monitoring and reporting.
  • Drive the implementation of GRC tool.

Requirements

  • Degree in IT or related fields.
  • 4-5 years relevant information security working experience, especially in the application security space.
  • Professional security certifications (CISSP, CISA, CEH etc) preferred.
  • Experience with Governance, Risk and Compliance (GRC) activities.
  • Familiar with PCI, PDPA, GDPR requirements.
  • Experience in security technologies, practices, application/network/systems architecture and design, tests tools and processes.
  • Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc.
  • Strong oral, written, presentation and inter-personal skills.
  • Possess positive attitude with drive, initiative, enthusiasm and a keen sense of urgency in resolving high-priority issues.
  • Able to work independently and in a team-oriented, collaborative environment.