1. Governance, Risk & Compliance (GRC)
- Ensure compliance with IM8, WOG Cybersecurity Policies, and other government security standards.
- Lead security risk assessments, gap analyses, and mitigation planning for systems and projects.
- Develop and maintain security documentation including SRM reports, policies, procedures, and system security plans.
- Support accreditation and certification processes such as STS, SCD, and annual security reviews.
2. Security Operations & Monitoring
- Oversee security events, incident alerts, and vulnerabilities across systems.
- Coordinate with Government Security Operations Centres (SOC) or vendor SOC for incident triage and escalation.
- Track remediation of findings from audits, penetration tests, and vulnerability scans.
- Ensure timely reporting of incidents to relevant government cybersecurity authorities.
3. Project Security Assurance
- Participate in system design reviews to ensure security-by-design principles.
- Review solution architectures, technical designs, and change requests for compliance with WOG policies.
- Conduct security assessments for new applications, cloud services, or infrastructure changes.
- Validate and approve deployment of security controls (e.g., MFA, encryption, endpoint protection, logging).
4. Policy Enforcement & Advisory
- Act as the primary security SME for systems under management.
- Provide guidance to project managers, developers, and infrastructure teams on government security requirements.
- Review thirdparty vendor deliverables for compliance and security posture.
- Ensure data classification, handling, and protection guidelines are adhered to.
5. Security Awareness & Continuous Improvement
- Conduct or coordinate security awareness training for internal teams and vendors.
- Track cybersecurity trends and changes in government security regulations.
- Recommend improvements to security processes, monitoring tools, and compliance workflows.
- Drive adoption of GovTech cybersecurity initiatives (e.g., CSP, CCoP updates, logging guidelines).
