IT Security Officer

• 1-year contract, renewable
• Government project
• Hybrid work arrangement

Role Overview

We are seeking an experienced IT Security Officer (ITSO) to focused on Governance, Risk, and Compliance (GRC) across both end-user computing, on-premises and cloud environments. ITSO acts as a subject matter expert who ensures that systems and procedures are align with the Singapore Government's Instruction Manual 8(IM8) policies and standards.

Key Responsibilities

Develop cybersecurity Standards and Policies:

• Develop and maintain cybersecurity standards, procedures, and rulesets based on best practices and IM8 compliance
• Perform risk assessments on system deviations and new project functionalities

Compliance & Hardening:

• Conduct system hardening checks using CIS Benchmarks and IM8 standards
• Perform security reviews to ensure remediation of audit findings
• Run table-top or simulation exercises

Audit Coordination & Management:

• Act as primary interface for internal and external auditors (AGO, GovTech audit teams)
• Coordinate Request for Information (RFI) processes
• Ensure evidence collection and prompt provision to auditors

Security Monitoring Support:

• Monitor and respond to security alerts and incidents (phishing, malware, endpoint alerts)
• Coordinate with system operators to identify potential threats
• Perform basic triaging before escalation to next level security responder
• Provide updates to stakeholders

Vulnerability and Penetration Test Management:

• Perform vulnerability assessment and penetration test activities using automated and manual tools
• Provide actionable remediation recommendations
• Understand published vulnerabilities and their security patches in context of deployed systems
• Perform risk assessments on vulnerabilities

On-Premise and Cloud Security Governance:

• Monitor and notify security patch releases for various environments (End-User computing, On-Premise Office Networking, GCC, GCC+)
• Assess security patch ratings using CVSS standards
• Consider deployed environment context when rating patches

Stakeholder Engagement:

• Present vulnerability scanning results, security testing results, and security incidents to management
• Conduct security awareness training for users
• Act as bridge between technical teams and management

What We Are Looking For

Experience & Qualifications:

• Bachelor's degree in Computer Science, IT, Cybersecurity, or related field
• Minimum 3 years relevant experience
• Experience in network security, secure application development, cryptography, mobile security, cloud hosting, or DevSecOps
• Experience working with teams to create security policies and procedures
• Security certifications (SANS GCIH, CISSP, CISM, CISA, AWS/Azure security) preferred

Technical Skills:

• Proficient with tools like Tenable, Nessus, and Splunk
• Familiar with cloud security platforms (AWS Security Hub, Microsoft Defender/Sentinel for Cloud)
• Understand cybersecurity investigation processes and vulnerability assessment/penetration testing (VAPT)

Personal Qualities:

• Good stakeholder management skills
• Strong presentation skills
• Write clearly and concisely

Good to Have:

• Government sector experience
• Healthcare industry knowledge
• Digital transformation background