IT Security Analyst, Governance, Risk and Compliance (Information Security Department) [NIE]
Nanyang Technological University
Nanyang Technological University is one of the top universities in Singapore offering undergraduate and postgraduate education in engineering, business, science, humanities, arts, social sciences, education and medicine.
ABOUT THE NATIONAL INSTITUTE OF EDUCATION (NIE)
The National Institute of Education (NIE), Singapore, is Singapore’s national teacher education institute, and we are proud to be an integral part of the nation’s education service. We play a key role in the preparation of teachers and in the provision of teacher professional and school leadership development programmes.
NIE invites suitable candidates to join the Division of Academic Computing & Information Services (ACIS) as a Security Analyst for Governance, Risk, and Compliance (GRC). This is a 3-year contract position.
Key Responsibilities:
- Coordinate with internal and external audit teams and assist in audit planning.
- Help deliver security awareness programs for staff and manage security governance efforts.
- Stay updated on IT trends and recommend best practices to align with governance policies.
- Support cybersecurity projects to ensure alignment with security objectives.
- Assist in identifying and assessing IT risks and managing vulnerabilities and threats.
- Support risk management in cybersecurity projects by focusing on threats and vulnerabilities.
- Track and monitor audit remediation actions related to risk management.
- Measure the effectiveness of security awareness programs to minimize risks from human error.
Compliance:
- Ensure compliance with internal standards (ISO 27001, ISO 22301) and external regulations.
- Facilitate responses to internal and external IT audits.
- Participate in audit engagements and report on audit issues and remediation.
- Provide ongoing compliance reporting to ensure timely remediation of audit findings.
Requirements:
Educational Qualification(s):
- A University Degree in Information Technology, Cybersecurity, Risk Management, or Compliance, or an equivalent qualification.
- Desirable Certifications: CISSP, CISM, CISA, CRISC, or other relevant certifications.
- 3-5 years of experience in Information Security, IT Risk Management, or Compliance, preferably in a higher education or similar environment.
- Experience with IT security audits and compliance reviews in regulated industries.
- Experience with vendor security assessments and managing third-party security risks.
- Experience in security awareness training and working in cross-functional teams.
Knowledge Required:
- Security Frameworks: ISO 27001, CTM, NIST, CIS controls, and their application in operational environments.
- Regulatory Standards: Understanding of the Cybersecurity Bill, PDPA, and related security laws.
- Risk Management: Knowledge of risk assessments, mitigation strategies, and identifying threats to information systems.
- Audit Processes: Understanding of security audit processes, compliance, and remediation.
- IT Systems: Good knowledge of IT infrastructure, application management, and cybersecurity practices.
- GRC Tools: Experience with Governance, Risk, and Compliance platforms and software is advantageous.
Skills and Competencies:
- Analytical Skills: Ability to analyze security risks and make data-driven decisions.
- Communication Skills: Ability to convey technical security concepts to non-technical audiences and document findings.
- Problem-Solving: Strong problem-solving capabilities, particularly during security incidents.
- Attention to Detail: High focus on detail in audits and risk assessments.
- Project Management: Ability to manage multiple projects, prioritize tasks, and meet deadlines.
- Team Collaboration: Proven ability to work with cross-functional teams (IT, legal, compliance, vendors).
Other Personal Attributes:
- Integrity and Confidentiality: High ethical standards and the ability to handle sensitive information.
- Proactivity: Ability to act independently and proactively address security challenges.
- Adaptability: Capable of adjusting to evolving security threats and changes in regulations.
- Resilience under Pressure: Ability to make sound decisions under pressure, particularly during audits or security incidents.
Closing Date:
The closing date of the advertisement is 13 November 2024. We regret that only shortlisted candidates will be notified.