Responsibilities:
Cybersecurity Governance
- Develop, implement, and review cybersecurity policies, standards, and procedures in alignment with organizational needs and national frameworks (e.g., CSA, IM8).
- Drive awareness and training programmes to embed a culture of cybersecurity across the organisation.
- Provide guidance to business units on secure practices and policy adherence.
Cybersecurity Risk Management
- Conduct regular risk assessments on IT systems, operational technologies, and supply chain processes to identify vulnerabilities and threats.
- Assess the cyber security risk of third-party vendors with an appropriate level of detail.
- Identify controls to address gaps in third-party vendor relationships.
- Monitor the implementation of controls.
- Establish risk registers, recommend mitigation strategies, and track remediation activities.
- Monitor emerging cybersecurity risks, particularly those affecting logistics, warehousing, and transportation systems.
- Liaise with the application project team on penetration test findings closure and improvement; track findings and ensure timely closure.
- Ensure the cyber risk register is kept up to date and risks are calculated accurately.
Cybersecurity Compliance and Audit
- Ensure compliance with regulatory requirements (e.g., PDPA, Cybersecurity Act, MAS TRM) and global standards (ISO 27001, NIST).
- Coordinate and support internal/external audits and customer security assessments.
- Maintain and update compliance documentation, audit evidence, and reports.
- Conduct assurance reviews to validate governance adherence and expected outcomes.
- Collaborate with technology and business teams to automate compliance checks and audit processes.
- Assess third-party vendor cybersecurity risks, define and monitor controls, and track remediation.
- Oversee security operations service provider in managing cybersecurity incidents and operations.
- Support deployment of cybersecurity solutions and assist in resolving security-related issues.
- Monitor, detect, and ensure timely remediation of cyber threats, risks, and vulnerabilities.
- Stay current with emerging threats, technologies, and industry best practices, and recommend controls and solutions.
- Plan, conduct, and oversee vulnerability assessments and penetration testing, ensuring timely closure of findings.
Incident Preparedness & Reporting
- Support the development and testing of cybersecurity incident response and business continuity plans.
- Ensure governance and compliance aspects are addressed during incident investigations and post-mortems.
- Report cybersecurity metrics and compliance status to senior management and relevant committees.
Requirements:
- Degree/Diploma in Cybersecurity, Information Security, Computer Science, or a related discipline.
- CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.
- 5-8 years of relevant cybersecurity experience, with at least 2-3 years in governance, risk, and compliance functions.
- Proficient in MS Office Applications / Microsoft Power Platform Applications and social media platforms.
- Basic understanding of cybersecurity principles and best practices.