To mitigate cyber security risks and build resilient operations across IHH Healthcare Singapore.
Key accountabilities
Assist in Strategy Development and Project Security Consulting:
• Provide support to the Information Security Head of Department in the development and implementation of robust cybersecurity strategies aligned with organizational objectives and regulatory mandates.
• Offer expertise and guidance in security consulting for various projects across hospitals, clinics, and corporate offices, ensuring that IHH SG cybersecurity checklists are completed and considerations are integrated seamlessly into all stages of project planning and execution.
• Gather reports, compile statistics, and deliver presentations on threats detected and risk trends within IHH SG.
Cybersecurity Project Management:
• Lead and oversee security proof of concept (PoC) projects to evaluate and validate the effectiveness of new security technologies and solutions before full-scale implementation.
• Lead and manage cybersecurity projects, including the implementation of new security technologies, tools, and processes.
Threat Intelligence, Threat Hunting and Proactive Monitoring:
• Conduct proactive monitoring of internal alerts and emerging threats using existing security tools.
• Perform manual threat hunting to identify and address potential security risks promptly, collaborating with partners to ensure true positives are mitigated in a timely manner.
• Continuously analyze and respond to security alerts from antivirus software, network detection and response systems, and external attack surface management (EASM) solutions.
• Keep up-to-date with the latest cybersecurity threats, trends, and technologies, with extra attention on the Asia region and healthcare sector.
Security Operations Management:
• Oversee daily security operations, including monitoring, detection, incident response, and threat management.
• Ensure alerts raised from the Group Centre of Excellence (COE) are addressed and closed, especially alerts on endpoint detection and response (EDR).
• Perform annual evaluations of USB access controls to ensure that access controls are regularly reviewed and adjusted as needed to maintain endpoint security resilience.
• Ensure that all IT cybersecurity contracts are reviewed and renewed in a timely manner to prevent service disruptions and maintain continuous protection of IHH SG assets.
• Participate in and perform role-play scenarios during ad-hoc cyber drills conducted by the hospital(s).
Incident Response Management:
• Coordinate all aspects of incident response, from initial detection to resolution, encompassing investigation, containment, remediation, and reporting of security incidents.
• Conduct thorough pre- and post-incident analysis to identify root causes and contributing factors, implementing necessary improvements to prevent future occurrences.
• Collaborate closely with the Group SOC Team Lead to address any true positive cases, ensuring timely and effective response to security incidents across the organization.
Vulnerability, Risk and Penetration Test Management:
• Review the execution of periodic/ad-hoc vulnerability and penetration tests within agreed scopes with application owners.
• Ensure that test findings are promptly remediated before project go-live with relevant stakeholders.
• Conduct quarterly VA security assessments with Group COE VA Team to ensure applications are compliant with industry best standards (i.e., NIST, ISO 27001).
• Manage the identification, assessment, and mitigation of security vulnerabilities and risks.
Regulatory Compliance and Audits:
• Ensure IHH SG compliance with relevant cybersecurity regulations and standards (e.g., PII, PCI-DSS).
• Prepare and participate in security audits and assessments, both internally and externally.
Qualifications & Experience
Diploma graduate in Information Technology or equivalent.
A minimum of 5 years of overall relevant IT experience in a combination of multi-disciplinary IT/Security Operations, with a minimum of 3 years in cybersecurity.
Experience and knowledge of cybersecurity threats, tools, and best practices (e.g., ISO 27001, NIST).
Experience and knowledge of cloud security is preferred.
Experience and understanding of IT operations and processes.
Understanding of Hospital Information Systems will be advantageous, especially in Singapore healthcare.
Knowledge and experience in applying software patches based on product company advisories, e.g., Microsoft security patches.
Experience in working for a demanding Security Operations Centre with multiple tracks.
Knowledge of Security Standards and Frameworks including MITRE ATT&CK, ISO 27001:2013, Data Protection, etc.
Proficient in Information Security Management Systems (ISMS), cybersecurity, and technology risk management.
Experience in working with third-party vendors and vendor management.
Proficient in working with vendors for successful implementation of large turnkey projects with due diligence, risk management, and quality ensured.
Knowledge of Healthcare standards such as HL7, DICOM, and FHIR in the context of PII (Personally Identifiable Information) and PHI (Protected Health Information) governing laws like PDPA, PCI compliance, etc.
Additional Information
Effective collaboration with internal and external stakeholders.
Good verbal and written communication skills.
Able to research and be well informed of the cybersecurity landscape.
Able to think analytically and plan.
Strong problem-solving skills.
Possesses a process-oriented, detailed, thorough, and excellence-oriented disposition.
Positive work attitude and ability to work under pressure.
Attention to detail.
Conflict resolution and problem-solving.
KPIs:
Meet or exceed the agreed Service Level Agreements for the division.
Coverage of all the IT assets from a Security Operations perspective is always more than 99% of cybersecurity incidents and requests handled.
Ensure all incidents/issues are tracked to closure.
Ensure the Security Activity Calendar is published and followed throughout the year.