Agency Chief Information Security Officer (ACISO) #GovTechForPublicGood.

Description and Requirements

Press space or enter keys to toggle section visibility

GovTech supports various Government Agencies in carrying out ICT delivery services. The appointment of the Agency Chief Security Information Officers (ACISO) who have familiarity with Cybersecurity Governance, Operations, Engineering and Testing in on-premises and major cloud platforms (e.g., AWS, Azure, and GCP) and their security features, will ensure security is well-considered and uplifted in Agency’s ICT and digitalisation transformation matters. The ACISO will lead all aspects of the agency’s infocomm security management by planning, refining, recommending and implementing strategies, policies, and globally accepted practices aligned with the regulatory requirements.
Are you looking for a leadership role in your next cybersecurity career? If so, then this role provides the driver's seat and a highly visible exposure in cybersecurity management.

What you will be working on:

Emplaced in public agencies and reporting to the agency’s Chief Information Officer (CIO), you will collaborate with various stakeholders (including Ministry Family CISO (MCISO), GovTech HQ teams, Agency management teams, Agency project teams, and outsourced vendors) and will be responsible to:

• Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting agency's digitalisation planning and aligning with Ministry Family (MF) strategic goals and policy baselines.
• Ensure the formulated Agency ICT security policies remain aligned with Ministry Family’s (MF’s) ICT security strategy goals with regular Gap analysis performed.
• Assist Agency management in overseeing ICT security matters, such as approving and tracking ICT security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions.
• Govern the security posture of the Agency by maintaining a full visibility of all ICT systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews.
• Implement Cybersecurity risk assessment and acceptance processes at the management level. Review, provide consultation and endorse risk management and mitigation plans from agency’s project teams.
• Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to agency’s business operations and aligned with WOG-wide advisories and practices.
• Ensure the Agencies’ secure ICT development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines.
• Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management.
• Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of ICT security incidents.

What we are looking for:

• Degree in Computer Science, Information Systems, Engineering or a related Technology based education. Good interpersonal and partner/ executive leadership skills.
• Ability to work with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.
• Possess knowledge or experience in Infrastructure as Code (IaC) tools such as Terraform and Ansible, including their application in maintaining and automating secure on-premises and cloud environments.
• Identify on-premises and cloud-specific cybersecurity risks and threats, demonstrate skills to thoroughly assess their impact and likelihood. This assessment encompasses, but is not limited to, insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.
• Display competence in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.
• Exhibit a strong understanding of compliance requirements and the ability to identify potential violations in on-premises or cloud environments.
• At least 5-8 years of management experience related to information security and solid grasp of ICT operations, security policies, business processes and the relationship between them.
• Certifications are encouraged and demonstrate continuous learning and intake of standard methodologies applicable for this role. E.g., CISSP/ CISM/ CISA certifications.
• We believe in being Agile, Bold and Collaborative, and are looking for people who identify with these values.
• Singaporeans only.

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe that diversity is the foundation to innovation.

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. These include leave benefits to meet your work-life needs and employee wellness programmes.

We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.

Stay connected with us on social media at go.gov.sg/ConnectWithGovTech.