Job Title: IT Security Officer (ITSO) / Security Consultant
Contract Duration: 1 Year (Renewable, subject to client approval)
Work Location: Singapore
Role Overview
We are seeking an experienced IT Security Officer (ITSO) to oversee governance, risk, and compliance activities while ensuring systems align with government cybersecurity standards. The role involves managing security risks, supporting security operations, and providing advisory guidance across projects and technology teams.
Key Responsibilities
1. Governance, Risk & Compliance (GRC)
- Ensure compliance with IM8, WOG Cybersecurity Policies, and government security standards.
- Conduct security risk assessments, gap analyses, and mitigation planning.
- Develop and maintain security documentation including SRM reports, policies, procedures, and system security plans.
- Support accreditation and certification processes such as STS, SCD, and annual security reviews.
2. Security Operations & Monitoring
- Monitor security alerts, incidents, and vulnerabilities across systems.
- Coordinate with Security Operations Centres (SOC) or vendors for incident triage and escalation.
- Track remediation activities from audits, penetration testing, and vulnerability scans.
- Ensure timely reporting of incidents to relevant cybersecurity authorities.
3. Project Security Assurance
- Participate in solution and architecture reviews to ensure security-by-design principles.
- Review technical designs and change requests for compliance with security policies.
- Conduct security assessments for applications, cloud platforms, and infrastructure changes.
- Validate and approve implementation of controls such as MFA, encryption, endpoint protection, and logging.
4. Policy Enforcement & Advisory
- Serve as the primary security SME for managed systems.
- Provide security guidance to project managers, developers, and infrastructure teams.
- Review vendor deliverables and ensure compliance with security standards.
- Ensure proper data classification, handling, and protection practices.
5. Security Awareness & Continuous Improvement
- Support and coordinate security awareness programs and training.
- Monitor updates to government cybersecurity regulations and standards.
- Recommend improvements to security processes, monitoring tools, and compliance frameworks.
- Support adoption of government cybersecurity initiatives and best practices.
Required Skills & Experience
- Experience in IT security, governance, risk, and compliance (GRC).
- Knowledge of government cybersecurity standards and frameworks.
- Experience conducting security assessments, risk management, and compliance reviews.
- Familiarity with security operations, incident management, and vulnerability management.
- Strong documentation, communication, and stakeholder management skills.
Preferred Qualifications
- Certifications such as CISSP, CISM, CISA, or equivalent security certifications.
- Experience working with government or regulated environments.
- Knowledge of cloud security, infrastructure security, and security architecture.
- Familiarity with ISO 27001, NIST, or similar frameworks.
EA License # 14C6941
