Senior Specialist, Global Cybersecurity

Job Title: Senior Specialist, Global Cybersecurity

Works closely with and have impact on All HSO Functions

Reports to: Senior Manager, Global Cybersecurity

Function: Global IT, Global Cybersecurity

Work Location/Site: GHQ, Singapore

Role Overview

The Senior Specialist, Cybersecurity is responsible for the hands-on implementation, configuration, and operational management of cybersecurity technologies across endpoint, cloud, and network environments.

The role focuses on executing and enforcing security controls, managing and optimising security platforms, supporting incident response, and continuously improving the organisation's operational security posture.

Working closely with the reporting officer (RO) and Corporate IT (CIT), this role operationalises defined cybersecurity frameworks, standards, and strategies into implementable technical controls, ensuring consistent deployment, integration, and enforcement across systems and platforms.

The role is also accountable for ensuring the effectiveness, reliability, and continuous improvement of implemented security controls across the environment.

Duties and Responsibilities

• Implement, configure and manage the lifecycle of cybersecurity platforms (EDR, NDR, WAF, firewalls, vulnerability management), including continuous tuning, optimisation, and obsolescence/EOL management
• Drive security hardening initiatives across endpoints and cloud platforms (e.g. Windows, Azure), including defining, deploying, and maintaining security baselines and policies
• Own and execute the global rollout and onboarding of security solutions, ensuring consistency, scalability, and operational effectiveness across environments
• Design actionable and enforceable technical controls and requirements based on the defined cybersecurity frameworks (NIST CSF, CIS), and drive adoption and measurable effectiveness across systems
• Support and lead investigation and response to security incidents, including deep-dive analysis, threat investigation, and end-to-end remediation
• Coordinate and drive incident response efforts with SOC/CIT teams, ensuring timely escalation, alignment, and resolution
• Support the vulnerability management lifecycle, from identification and prioritisation to remediation tracking and validation of risk closure
• Take accountability for resolution of security issues end-to-end, ensuring risks are effectively mitigated and lessons learned are embedded into operations
• Continuously enhance security operations by proactively tuning detection rules, improving monitoring capabilities, and strengthening overall security posture
• Drive and support cybersecurity initiatives (e.g. DLP, data classification, tool enhancements), ensuring successful implementation and integration into operations
• Develop and own operational reporting on incidents, risks, and security posture, providing actionable insights for management decision-making
• Act as a security partner to infrastructure, network, and application teams, proactively advising and driving the implementation of security controls aligned with organisational objectives

Requirements

Experience

• Minimum 8–10 years of IT experience (Infrastructure, Network, or Security), with at least 5 years of hands-on cybersecurity engineering experience across endpoint, network, and cloud environments
• Proven ability to work independently and drive implementation of cybersecurity controls end-to-end, while collaborating effectively with cross-functional stakeholders

Skills/Accreditations

• Working knowledge of security frameworks (NIST CSF, CIS) and their practical implementation
• Hands-on experience with Microsoft Azure security (identity, network, workload protection)
• Experience in incident response and security operations (detection, investigation, remediation)
• Strong skills in log analysis, threat investigation, and forensic evidence handling
• Proficiency in scripting/automation (e.g. PowerShell)
• Exposure to DevSecOps practices is advantageous
• Strong communication skills to articulate security risks and controls to diverse stakeholders