The IT department in NTUC First Campus manages and maintains the organization's technology applications and infrastructure to ensure operational efficiency and secure organizational resilience.
As a Cybersecurity Specialist, you will be responsible for security risk assessments, cybersecurity monitoring and operations. You will report to the Cybersecurity Manager and provide support in all aspects of cybersecurity for NTUC First Campus, to identify, analyze and mitigate cybersecurity risks in order to safeguard personal data, protect the organization's systems and ensure compliance with relevant regulations and standards.
Key Responsibilities
- Primary Point of Contact, and First Responder (monitoring and responding to alerts from Managed Services)
- Perform log analysis, investigate and respond to security incidents, including suspicious activities, phishing attempts, malware infections and data breaches.
- Collaborate with various teams to investigate, contain and remediate security incidents.
- Perform security risk assessments, formulate and advise on a risk treatment plan
- Review security testing reports (e.g. vulnerability assessment, penetration testing and secure code review) and work with application teams for remediation
- Coordinate cybersecurity awareness activities (e.g. newsletters, trainings, phishing campaigns)
- Support and administer cybersecurity operations using enterprise security solutions (e.g. onboarding of privileged accounts to PAM, implementing WAF for website protection, and reviewing firewall rules, etc.)
- Work closely with Infrastructure and End User Support teams to identify and address any risks and gaps in the infrastructure, endpoints, and application systems
- Collaborate with third-party vendors and contractors to ensure the security of outsourced systems and services.
- Assist the business in performing business impact analysis and maintaining a cybersecurity risk register
- Support vendor due-diligence process and help to guide overall third-party risk management efforts
- Support both internal audit and external audits (e.g. ISO 27001, NIST, OWASP)
Education
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a related field
- Relevant professional certifications such as CISSP, CISM, or CISA are preferred.
Experience
- Minimum of 3 years of experience in cybersecurity
- Experience with security technologies such as firewalls, intrusion detection/prevention systems, and data encryption.
- Has knowledge in security technologies such as Antivirus/Endpoint Detection and Response (EDR), Privilege Access Management (PAM), and Web Application Firewall (WAF)
- Familiarity with security assessment tools and techniques, including vulnerability scanning and penetration testing.
- Experience in vendor and project management
Skills and Attributes
- Excellent communication skills and the ability to explain complex technical concepts to non-technical stakeholders.
- Strong analytical and problem-solving skills
- Highly driven and willing to learn
