Cyber Security Lead/ Manager

Main Responsibilities

• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives, including cloud migration and operations. This includes risk assessments, policy development, incident response planning, and cloud security architecture design. Work closely with IT and business stakeholders to understand cloud adoption plans and integrate security from the start.
• Fostering an accountable and sustainable information security risk-conscious culture and security infrastructure founded on high-quality standards.
• Configure and maintain security tools such as firewalls (Sonic-Firewall), intrusion detection/prevention systems (IDS/IPS), antivirus/anti-malware software (Trellix), SIEM systems, and cloud-specific security solutions (e.g., CASB, CSPM).
• Perform vulnerability scans and penetration testing across both environments. Evaluate and recommend cloud-native security tools and services.
• Implement and enforce cloud security best practices, including identity and access management (IAM) with least privilege, data encryption at rest and in transit, security configuration of cloud services (e.g., AWS, Azure, GCP), and secure DevOps practices.
• Develop and maintain cloud security configuration baselines.
• Lead incident response efforts, including containment, eradication, recovery, and post-incident analysis, considering the nuances of cloud environments. Conduct basic forensic analysis as needed.
• Develop and deliver security awareness training programs for employees, including phishing simulations, best practice guidance for cloud usage, secure remote work practices, and data protection in the cloud.
• Create and maintain security policies, procedures, and documentation, with specific sections addressing cloud security, data governance in the cloud, compliance with relevant cloud security standards, and acceptable use of cloud services.
• Conduct internal security audits and assist with external audits, including assessments of cloud security controls and compliance with relevant regulations.
• Provide security guidance to IT Staff, including cloud engineers and developers, and assist with troubleshooting security-related issues in both on-premises and cloud environments. Participate in cloud architecture reviews and provide security recommendations.
• Manage cybersecurity budget, including cloud security spending.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, best practices, and cloud security trends.
• Manage a team of Cyber engineers and assign day-to-day tasks on Cyber operations and change management.
• Manage a risk register and mitigation strategy and present to the senior management for their endorsements and awareness.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field preferred.
• Proven experience (min 7 years) in a cybersecurity role, preferably in a small to medium-sized business environment, with demonstrable experience in cloud security.
• Strong technical skills in network security, endpoint security, vulnerability management, incident response, and cloud security (AWS, Azure, or GCP experience preferred).
• Hands-on experience with security tools and technologies (e.g., firewalls, IDS/IPS, SIEM, CASB, CSPM).
• Hands-on experience in M365 admin, Qlaysys Patch management, Managed engine (ME) etc.
• Knowledge of relevant security frameworks and regulations (e.g., NIST, ISO 27001, GDPR, CCPA, HIPAA) and cloud security frameworks (e.g., CSA Cloud Controls Matrix).
• Excellent communication, interpersonal, and problem-solving skills.
• Ability to work independently and as part of a team.
• Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, CCSP, AWS Certified Security Specialty, Azure Security Engineer) are a plus.
• Managing internal and external audit experience.
• Managed large scale App onboarding and security standards.

Interested applicants please send your resume to venessagoh@recruitexpress.com.sg.

Venessa Goh Wee Ni
R24124686
Recruit Express Pte Ltd
EA License No: 99C4599
RCB No.: 199601303W

We regret that only shortlisted candidates will be contacted.