We're looking for dynamic and motivated individuals to join our Risk Services - Cyber Technology Teams. As part of our dynamic team, you'll engage in a range of responsibilities, including but not limited to:
Cloud Security:
- Work on client engagements involving tasks such as Cloud and system security controls assessments, Cloud risk and resilience and Cloud regulation framework reviews, and vulnerability assessments, under the supervision of a Senior or Manager
- Assist team to provide advisory around cloud governance, framework, policies and processes
- Evaluate technical and business requirements and documentation on risk aspects
- Present recommendations and alternative approaches in respect of risk prevention, mitigation, and response to clients based on impact to infrastructure, as well as process design and build
Data Protection:
- Support assessments of clients' data protection practices against local regulations (such as PDPA in Singapore) and international standards (e.g., GDPR, ISO 27701, ISO 27001, NIST Cybersecurity and Privacy frameworks).
- Assist in performing gap analyses and compliance assessments, contributing to detailed reporting and actionable recommendations.
- Work closely with experienced consultants on client engagements involving risk management, governance frameworks, and regulatory compliance.
- Engage with various tools and technologies used in data security, privacy management, and risk assessment.
- Collaborate across multidisciplinary teams, assisting with the establishment and uplift of data and cybersecurity measures for our clients.
Cyber Simulation:
- Working with the team for the end-to-end conduct of cybersecurity exercises, including exercise planning, scenario development, and reporting.
- Conducting current state discovery to understand the client's technology infrastructure, cyber resilience programs, incident response plans, and scenario-specific playbooks.
- Designing exercise scenarios that are relevant to and aligned with the client's specific environment and context.
- Engaging relevant business, operational, technical, and management teams in preparing for the cybersecurity exercise.
- Providing recommendations to the client on improvements to their existing setup and plans
- Developing the exercise report and providing observations and recommendations that are meaningful and relevant to the client's context.
- Proactive support in business development activities such as bid management, proposal formulation, and client presentations, including adhering to internal risk management and compliance policies.
Security Governance Standard & Strategy:
- Support development of cyber security strategies for organizations.
- Deliver gap assessments and reviews against cybersecurity standards such as NIST and regulations such as CSA Cybersecurity Codes of Practice (CSA CCoP), ISO 27001, CSA Cyber Trust Mark and others.
- Collaborate with client's teams to gather necessary evidence and documentation.
- Evaluate the design and operating effectiveness of IT controls related to cybersecurity etc.
- Identify potential risks, vulnerabilities, and areas for improvement within IT systems and processes.
- Support clients in their remediation activities to comply with the cybersecurity standards and regulations. The activities may encompass policy development, process design and training.
- Prepare clear and concise reports, including findings and recommendations for management.
Risk Assessment:
- Work on client engagements involving tasks such as threat modelling, cybersecurity risk identification, risk analysis and risk evaluation, under the supervision of a Senior Associate or Manager
- Assist team to conduct interviews and workshops with clients for gathering information required for assessment
- Strong capability to understand and assess technical controls and processes of systems
- Strong written and verbal communication skills; ability to translate technical risk to business impact
- Produce prioritized, risk-based recommendations and alternative approaches to prevent, mitigate and respond to identified cybersecurity risks
- Familiarity with threat models and frameworks such as STRIDE-LM, MITRE ATT&CK and NIST Cybersecurity Framework is preferred
Qualifications:
- Bachelor's or Master's degree in Information Technology, Computer Science, Computer Engineering, Cybersecurity, or related disciplines.
- Basic understanding of network, cryptography principles, and data loss prevention technologies.
- Familiarity with cloud security principles and tools (e.g., Microsoft 365, AWS, Azure).
- Awareness of database security, data anonymization, and cybersecurity frameworks.
- Strong analytical, problem-solving, and communication skills.
- Ability to work effectively in a team, showing initiative and a willingness to learn.