Manager, IT Cybersecurity Architect

In an increasingly complex digital and operational landscape, a robust cybersecurity architecture is essential to safeguarding SMRT's systems, services, and critical infrastructure. The Manager, IT Cybersecurity Architect will support the definition, design and governance of SMRT's cybersecurity architecture, ensuring that security controls are embedded into technology systems, operational processes, and transformation initiatives. This role is responsible for establishing the cybersecurity architecture strategy, driving architectural standardisation, ensuring secure by design principles, and enabling strong alignment between cyber requirements, business needs, and technology plans. You will play a key role in strengthening SMRT's cybersecurity resilience through architecture oversight, security design governance, solution validation, and forward looking capability development.

As Manager, IT Cybersecurity Architect, you will support the Head, Cybersecurity Architect Office in developing and implementing a robust cybersecurity architecture framework and strengthening organisational resilience. Your responsibilities include:

Cybersecurity IT Architecture Strategy & Governance

• Develop and maintain SMRT's IT cybersecurity architecture blueprint, ensuring alignment with the organisation's technology roadmap and cybersecurity strategy.
• Establish secure by design principles, architecture guardrails, and security design standards for all digital and operational systems.
• Provide governance and oversight through architecture review boards, design assurance processes and solution endorsement mechanisms.
• Ensure that architecture decisions support resilience, scalability, and compliance with emerging threats and regulatory requirements.

Security Design & Technical Advisory

• Lead the design and evaluation of security controls for new systems, platforms, cloud solutions and major transformation programmes.
• Provide expert advisory to project teams, solution architects, and engineering teams on system hardening, network segmentation, identity security, cloud security and application security.
• Conduct architectural risk assessments and security design reviews, identifying design weaknesses and recommending effective mitigation measures.

Technology Standards & Reference Architectures

• Develop, publish and maintain cybersecurity reference architectures, technology standards and integration patterns.
• Ensure that architecture artefacts remain updated with industry best practices, emerging technologies and regulatory expectations.
• Lead the harmonisation of cybersecurity tooling and platforms, promoting interoperability, standardisation and lifecycle optimisation.

Security Capability Development

• Identify emerging security capabilities required to support SMRT's cyber roadmap (e.g., Zero Trust, identity centric security, cloud-native security, advanced monitoring).
• Evaluate new security technologies and conduct proof of concepts to validate feasibility, effectiveness and architectural fit.
• Drive the planning and implementation of strategic cybersecurity architecture initiatives.

Cybersecurity Architecture Assurance

• Support technical assurance activities to validate that implemented solutions meet approved security architecture requirements.
• Review system configurations, deployment architectures and integration designs to ensure adherence to approved security design patterns.
• Track and report on architecture compliance, deviations and remediation plans.

Stakeholder Engagement & Collaboration

• Partner closely with technology teams, engineering groups, business units and operations to ensure cybersecurity architecture is practical, adoptable and aligned with business needs.
• Engage senior management and provide clear architectural insights, risks and recommendations to support decision making.
• Work with external partners, vendors and regulators to align SMRT's architecture direction with industry norms and regulatory frameworks.

•    A bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related discipline.
•    5–10 years of relevant experience in cybersecurity architecture, security engineering, enterprise architecture, or security design for complex IT environments.
•    Strong experience defining and governing enterprise‑level security architectures, including secure‑by‑design frameworks, architecture blueprints, and technology standards.
•    Demonstrated expertise in designing and evaluating security controls across cloud and on‑premise systems.
•    Hands‑on experience conducting architectural risk assessments, security design reviews, and solution validation.
•    In‑depth understanding of cybersecurity frameworks such as NIST CSF, ISO/IEC 27001, CIS Controls, and other architecture‑related standards.
•    Good knowledge of Singapore's regulatory requirements including the Cybersecurity Code of Practice (CCoP), Personal Data Protection Act (PDPA), and sector‑specific cyber standards.
•    Experience leading multi‑disciplinary technical teams, advising senior stakeholders, and working with regulators, vendors, and industry partners.
•    Proven track record in evaluating emerging security technologies, conducting proof‑of‑concepts, and shaping long‑term cyber capability development.

Technical Skills include:
•    Understanding of cybersecurity governance, risk and compliance principles, enabling effective alignment of architecture decisions with enterprise risk management frameworks.
•    Ability to assess the effectiveness of security controls and identify gaps in policy, standards, and security design implementation.
•    Strong proficiency in designing and evaluating enterprise security controls across cloud and on‑premise systems, aligned with secure‑by‑design and architecture guardrail principles.
•    Deep knowledge of cybersecurity frameworks and architecture‑related standards such as NIST CSF, ISO/IEC 27001, CIS Controls, and relevant regulatory codes (e.g., CCoP, PDPA).
•    Experience conducting architectural risk assessments, solution validation, and technical assurance to ensure implementation fidelity with approved designs.
•    Familiarity with modern security architecture concepts such as Zero Trust, identity‑centric security, cloud‑native architectures, and advanced detection and monitoring capabilities.

Core Competencies include:
•    Excellent analytical and documentation skills, with strong attention to detail.
•    Effective communicator with the ability to engage stakeholders across technical and non-technical domains.
•    High integrity and discretion in handling sensitive information.
•    Proactive and collaborative mindset, with a commitment to continuous improvement.