IT Security Lead (AMK)

Job Summary

The IT Security Lead manages end-to-end security governance, compliance, and operations for mission-critical systems, collaborating with cross-functional teams and external auditors to ensure adherence to government security policies.

Responsibilities

Day 1 - Project / Implementation Security

• Define and implement system security architecture aligned with Singapore Government policies
• Review application, middleware, infrastructure, and platform designs for security compliance
• Conduct threat modeling and risk assessments, mapping risks to mitigating controls
• Translate policy requirements into actionable technical controls across technology stacks
• Ensure compliance with IM8, Whole-of-Government security requirements, and PDPA where applicable
• Establish and oversee cybersecurity governance across infrastructure, application, and project teams
• Prepare and maintain documentation including Security Risk Assessments, Vulnerability Assessments, Penetration Testing reports, and security hardening baselines
• Partner with software teams to enforce secure coding standards and DevSecOps practices
• Integrate and govern SAST/DAST, dependency/SCA scanning, and container image scanning within CI/CD pipelines
• Review and triage security tool findings, driving remediation and risk acceptance decisions
• Provide guidance on API security, token/secret management, and secure service-to-service communication
• Plan, coordinate, and manage vulnerability and penetration testing engagements and vendors
• Track remediation progress to closure and document residual risks and risk acceptance
• Support security clearances and go-live certifications
• Review and approve OS, middleware, database, Kubernetes/container security, API gateway, WAF, rate-limiting, and authentication configurations

Day 2 - Operations / Production Security

• Lead security incident investigations, containment, and recovery efforts
• Perform root cause analysis and define corrective and preventive actions
• Coordinate with Government SOC and stakeholders contribute to and refine incident response playbooks
• Communicate security incidents clearly to technical and non-technical audiences
• Oversee continuous vulnerability monitoring and posture management
• Track patch and configuration compliance across infrastructure, middleware, applications, and containers
• Provide risk assessments and compensating controls for deferred patches
• Review and tune alerts, detections, and dashboards in SIEM and related tools
• Ensure monitoring coverage for critical systems and high-value assets
• Support internal and external audits, evidence collection, and closure of audit findings
• Prepare and present security posture, metrics, and trend reports to management
• Maintain risk registers and mitigation plans with up-to-date security documentation
• Communicate security assessments and findings effectively to varied stakeholders
• Oversee and periodically review RBAC, MFA, Privileged Access Management, and joiner/mover/leaver processes
• Ensure least privilege access, segregation of duties, and periodic access recertifications
• Support incident response handling, log analysis, and activity reviews
• Drive continuous improvement across identify, protect, detect, respond, and recover functions

Required competencies and certifications

• Degree in Computer Science, Cybersecurity, Information Security, or equivalent
• 8-12 years of IT experience including at least 5 years as a Security Lead or Security Architect
• Proven experience in Singapore Government IT projects and IM8/government security compliance
• Hands-on experience with Kubernetes/Docker security, API security, Identity & Access Management (IAM), and security tools (SAST/DAST/SIEM) integrated with CI/CD

Preferred competencies and qualifications

• Certifications such as CISSP, CISM, CISA, CEH, GIAC (e.g., GSEC, GCIA, GCIH, GCSA)
• AWS or Azure Security certifications

5 day week @ AMK area

Maestro HR
damien lee tian hong
R1106726
16C8462