
The client is a leading agency driving its clients' initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), the client develops the client's capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.
The client offers the successful candidate a purposeful career to make lives better where they empower the people to master their craft through robust learning and development opportunities all year round.
The applicant must have the following prerequisites
1. Enterprise Risk Governance & Management
- Dynamic Risk Registers: Establish and oversee the Ministry-wide security risk register. You will ensure that registers are not static documents but living tools that accurately reflect the current threat landscape and project status across all agencies.
- Senior Management Facilitation: Lead and facilitate high-level risk conversations with Senior Management and clients. You must be able to translate complex technical risks into clear business impacts to drive informed resource allocation and prioritisation.
- Risk Analysis Framework: Develop a robust framework to guide agencies in performing consistent, high-quality risk analysis. This framework should empower agencies to take calculated risks for innovation rather than defaulting to "no" due to risk aversion.
2. Threat Risk Assessment (TRA) & Standards
- Unified TRA Framework: Establish and maintain Ministry-wide standards for conducting Threat Risk Assessments across diverse domains, including Cloud (GCC), Web Applications, and OT/ICS systems.
- Crown Jewel Identification: Develop SOPs to guide agency project teams in identifying Crown Jewels (Critical Information Assets) and mapping comprehensive threat vectors.
- Standardisation of Controls: Define common security configuration standards and ensure that controls are technically effective in mitigating identified risks, rather than just meeting baseline requirements.
3. Zero Trust & Architecture Governance
- Zero Trust Roadmap: Lead the establishment of a Ministry-wide Zero Trust Framework, setting the standards for identity-based security, micro-segmentation, and "never trust, always verify" architectures.
- Architectural Advisory: Provide expert GRC input during the design phase of high-impact systems to ensure security-by-design and alignment with Ministry standards.
- Technology Application: Evaluate and recommend security technologies that effectively mitigate specific risks, ensuring that defensive layers remain relevant against modern threats.
4. Supply Chain & Ecosystem Risk Management
- Third-Party Risk Strategy: Establish the framework for managing risks across the software supply chain and IT vendors.
- Dependency & Vendor Risk: Develop standards for assessing the cyber-resilience of third-party partners and managing risks associated with software dependencies (e.g., Open Source libraries).
5. Audit Excellence & Systemic Improvement
- Proactive Readiness: Shift agencies from reactive audit preparation to a state of continuous compliance and readiness.
- Root Cause Rectification: Oversee the closure of audit findings, ensuring agencies implement substantive, effective technical fixes rather than surface-level measures.
- Systemic Weakness Identification: Analyse audit trends across the Ministry Family to identify and address systemic weaknesses before they can be exploited.
6. Stakeholder Management & Threat Intelligence
- Education & Advocacy: Partner with clients and Project Owners to inculcate a proactive risk management mindset.
- Threat & Tech Foresight: Keep abreast of evolving Actor TTPs (Tactics, Techniques, and Procedures) and technology changes. Periodically review the relevancy of existing Ministry-wide defences against the latest threats.
Experience
- Years of Experience: 10 to 12 years in Cybersecurity GRC, Information Security Risk Management, or Security Architecture.
- Domain Breadth: Proven experience in managing risks across IT and Cloud environments; exposure to OT (Operational Technology) systems is a significant advantage.
- Regulatory Knowledge: Deep familiarity with Singapore Government security policies (e.g., Instruction Manual on IT Management) and international standards (e.g., NIST, ISO 27001).
Technical Skills
- Risk Methodologies: Mastery of risk assessment methodologies (e.g., TVRA) and the ability to translate technical vulnerabilities into business risk.
- Security Technologies: Strong technical understanding of various Zero Trust Architecture (ZTA) components and cloud security technologies, such as Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB and secrets management.
- Threat Awareness: Ability to map technical controls to the MITRE ATT&CK framework to ensure defensive coverage.
- Offensive Security: Proficiency in manual and automated testing tools; deep understanding of the MITRE ATT&CK framework and common TTPs.
- Certifications: Professional certifications such as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISSP, OSCP or OSWE (Offensive Security Web Expert) are highly preferred.
Soft Skills
- Strategic Influence: Ability to educate and persuade senior stakeholders (CIOs/Project Owners) on the importance of rigorous risk governance.
- Critical Thinking: Ability to look past surface-level audit compliance to find and fix underlying systemic issues.
- Lifelong Learner: A genuine passion for staying updated on the latest security technologies and evolving cyber threat landscapes.
- Risk Articulation: Exceptional ability to translate deep technical issues (e.g., zero-day vulnerabilities, configuration drifts) into business risk for non-technical senior executives.
We are open to Singaporeans only
Key Role Details:
- Security Operations & Security Services
- Governance Specialist
We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. This includes generous leave benefits to meet your work-life needs. We trust that you will get the job done wherever you are, and whatever works best for you, so work from home or take a break to exercise if you need to. We also believe it's important for you to keep honing your craft in the constantly evolving tech landscape, so we provide and support a plethora of in-house and external learning and development opportunities all year round. This is subject to the nature of your job role, which might require you to be onsite during fixed hours.
Job ID: 139478817