PSA Group is looking for a strong team player/leader who is passionate about security with at least 12 years of experience in cyber security and around 7-9 years of experience in cybersecurity assurance and incident response to join their growing PSA International Group Cyber Security team.
You will gain a wealth of diverse experience and exposure as well as possible stints with our overseas port terminals such as in Europe and Asia.
You will gain exposure and experience supporting cyber ecosystem risk assessments and security improvements to enable both our future port development and cargo solutions orchestration.
Experience working with cyber security and in a regulated environment will be an added advantage.
This role reports to Group CISO at PSA International Pte Ltd.
Key Job Scope
Your Responsibility
- Cybersecurity Assurance & Assessment
- Establish assurance strategy and objectives, considering emerging trends, approaches and industry best practices
- Develop and conduct assessment activities in line with cybersecurity standards and guidelines, using appropriate methodologies and tools (eg table-top exercises)
- Analyse and evalutae assessment to highlight gaps and propose improvements and enhancements to existing cybersecurity processes and measures to address major risks
- Implement changes in the performance of assessments in alignment with changes in internal standards or external regulatory guidelines
- Cybersecurity Technology Management
- Oversee the cybersecurity technology management, cybersecurity engineering, cybersecurity advisories, vulnerability management, event management, incident management across the digital assets of PSA units including IT, OT, IoT and IIoT.
- Contribute to the development of technological and incident management standards, procedures and guidelines in alignment with PSA goals and objectives
- Perform cybersecurity threat modelling and risk assessments on various IT, OT and IIoT architectures, system and network designs and their components.
- Perform threat intelligence monitoring and watch out for new tactics, techniques and procedures as well as indicators of exposure, attack and compromises in the cyber security space.
- Design and develop timely and actionable vulnerability and threat intelligence advisories to all our business classes and units, provide vulnerability management and remediation oversight.
- Design or deploy technological solutions and architecture for IT, OT and IIoT, and establish demand aggregation and consumption across business classes and units.
- Evaluate, test and support implementation of new security systems, tools, and services.
- Cybersecurity Incident Management
- Develop and improve cybersecurity incident response plans, coordinate, conduct or participate in related table-top exercises, cybersecurity incident drills, and red/purple teaming exercises.
- Support the investigation and remediation of IT security incidents or policy violations, ensuring compliance and security standards are upheld.
- Lead the Cyber Incident Response Team (CIRT) during incident response processes, ensuring effective and coordinated actions and provide Level 2 or 3 incident response support on a 24x7 on-call basis.
Job Experience and Competencies in one or more of the following:
- Good experience in cybersecurity assurance and governance
- Good experience in compliance reviews
- Good project management skills, experience in project planning, management and implementation of cybersecurity frameworks (NIST, ISO)
- Good experience and knowledge in performing cybersecurity threat modelling and risk assessment
- Conducted cybersecurity vulnerability analysis and determined mitigating controls
- Good experience in operationalizing cybersecurity standards
- Good experience in incident response and forensics process
- Experience in cybersecurity threat intelligence analysis, cybersecurity monitoring, cybersecurity event analysis and correlation, incident response and forensics investigation
- Designed IT and OT cybersecurity architecture in a maritime, transport or logistics industry
- Prior maritime, logistics or transportation knowledge with international experience would be an advantage
The successful candidate must have some of following skills, personalities and certifications:
Skills
- At least Degree in Computer Science or related discipline (Essential)
- At least 12 years of cybersecurity experience (Essential)
- At least 7 years of cybersecurity assurance or governance experience
- Practical knowledge of security standards e.g. ISO 27001/2, NIST, CSA-CCM, etc.
- Practical knowledge of risk governance and assurance (e.g. CRISC, CISA, COBIT)
- Good knowledge of cybersecurity architectural practices such as TOGAF or SABSA
- Good knowledge of OT cybersecurity frameworks and guidelines such as NIST SP800-82 and ISO/IEC 62443
- Good knowledge of incident management and forensics procedures (e.g. GCIH, GCIA, GCFA or GREM or equivalent)
- Good understanding of threat modelling e.g. MITRE ATT&CK framework
- Good understanding of cybersecurity maturity models e.g. C2M2, CMMC or CMMI
Personalities
- Strong communication, interpersonal, analytical and problem-solving skills
- Proactive and can work independently
- Good team player
- Good project management skills
- Good stakeholder engagement
- Willingness to travel at short notice
- Willingness to get hands dirty and adopt a growth mindset
- Willingness to accept workload peaks and troughs
Certifications
- CISSP, CRISC or equivalent (Essential)
- ISO27001 Lead Auditor, CISA or equivalent (Essential)
- GCIH, GCIA, GCFA, GREM, MITRE or equivalent
- ISA/IEC 62443 or equivalent
- TOGAF, SABSA or equivalents
