Job Description
Job Description
As a Principal Engineer (GRC), you will execute and own daytoday cybersecurity governance, risk and compliance activities across StarHub's business units. You will ensure our digital assets and projects comply with internal security policies and Singapore telco regulatory obligations (e.g., IMDA, CSA, TCS, BCS, CCoPv2) while uplifting our detection and response capabilities. You will collaborate with internal teams, our MSSP, and external consultants to deliver security reviews, exercises, and remediation on time and to a high standard.
Key Responsibilities:
- Regulatory Compliance & Governance (Execution)Maintain Cybersecurity Management (CSM) documentation and contribute to 5G policy development to align with regulatory obligations and deadlines.Plan and execute—together with appointed consultants and internal stakeholders—the following annual/biennial activities, including drafting and socialising reports and tracking remediation to closure:BiAnnual Host Configuration Reviews for CII and CIIsupporting assetsAnnual TableTop Exercises (TTX) across major stakeholdersBiennial external audits with auditors and key business unitsMaintain auditready artefacts and ensure submissions meet expected timelines and quality.
- Security Engineering & OperationsPartner with the MSSP and platform owners to ensure comprehensive 24×7 log ingestion and monitoring coverage; onboard new log sources and use cases.Tune SIEM/SOAR detections and playbooks; develop runbooks to reduce mean time to detect/respond.Track and drive vulnerability remediation for assigned systems; ensure adherence to SLA (e.g., critical within 14 days) and report status to stakeholders.Support incident response (IR): triage, containment coordination, evidence preservation, and postincident reviews; facilitate lessons learned and control improvements.Develop or enhance automation (e.g., scripts/dashboards) for evidence collection, risk tracking, and compliance reporting.
- Risk Management & AssurancePerform risk assessments and threat modelling for new/changed business solutions; define security requirements and validate they are tested before golive.Maintain accurate risk register entries for owned domains; ensure risks have clear owners, treatments, and review cadences.Evaluate new security solutions/approaches and contribute to policies, standards, and guidelines.
Qualifications
Qualifications
Requirements:
Bachelor's degree in Computer Science, Computer Engineering, Information Technology, or related field.5–8 years handson experience in cybersecurity engineering and/or GRC within a telco or similarly regulated environment.
Familiarity with Singapore regulatory landscape (IMDA, CSA, CII requirements) and enterprise frameworks (e.g., NIST CSF, ISO/IEC 27001).
Demonstrated experience in one or more of: identity & access management (RBAC, MFA, PAM), cryptographic controls, vulnerability management, firewall policy reviews, log analysis, packet/stream analysis, SIEM/SOAR tuning, and incident handling.
Strong written and verbal communication skills; ability to prepare reports for technical and senior, nontechnical stakeholders.Able to participate in oncall/afterhours support during critical cybersecurity incidents.
Preferred Certifications (nicetohave): GCIH, GCFA, CISA, CISSP (or equivalent).
