Manager, CyberSecurity & IT Governance

National Gallery Singapore
Singapore
SGD 80,000 - 100,000
Job description

The Cybersecurity Manager is responsible for safeguarding the art museum's digital assets, information systems, and IT infrastructure from cyber threats. The role encompasses overseeing the implementation of cybersecurity protocols, managing risk, and ensuring compliance with industry standards and governance policies. The ideal candidate will also possess a strong understanding of IT governance to align cybersecurity strategies with the museum's objectives and operations.


Key Responsibilities:

  1. Cybersecurity Strategy & Implementation:
    1. Develop and implement a comprehensive cybersecurity strategy tailored to the museum's needs.
    2. Oversee the deployment of security technologies (firewalls, intrusion detection, anti-malware) and ensure their proper operation.
    3. Conduct vulnerability assessments and penetration testing on systems, networks, and devices to identify and mitigate risks.
  2. IT Governance, Data Governance & Compliance:
    1. Establish and enforce IT governance policies in line with industry standards and legal/regulatory requirements (e.g. PDPA, ISO 27001), taking into account how these interact with IT governance and cybersecurity strategies. Collaborate with museum leadership to align cybersecurity policies with strategic goals.
    2. Monitor and ensure compliance with internal governance frameworks, data privacy laws, and external audit requirements.
    3. Manage and perform security assessments and reviews of applications and systems.
    4. Collaborate with the Data Governance team to establish and enforce data governance policies, standards, and procedures, ensuring alignment with the overall IT governance strategy.
    5. Implement and oversee frameworks for data protection, data lifecycle management, and regulatory compliance, including data classification and data handling standards.
  3. Incident Response & Management:
    1. Develop and manage the incident response plan, ensuring rapid and effective response to cybersecurity incidents, including data-related breaches.
    2. Coordinate with external agencies and partners for threat intelligence and reporting.
    3. Conduct post-incident analysis and ensure continuous improvement in response tactics.
    4. Work with Data Governance and IT teams to ensure proper logging, monitoring, and alerts for data breaches or unauthorized access to sensitive data.
  4. Risk Management:
    1. Lead cybersecurity risk assessments and establish risk management plans, considering threats to museum data, artwork security systems, and visitor information.
    2. Implement controls to safeguard sensitive information (e.g., donor data, collections inventory, financial records).
    3. Maintain up-to-date risk registers and report on the security posture of museum systems.
    4. Conduct regular risk assessments and audits of data governance processes to identify gaps in data security and compliance.
    5. Partner with the Data Governance team to monitor compliance with data protection regulations, including conducting privacy impact assessments and data breach investigations.
  5. Staff Training & Awareness:
    1. Create and deliver cybersecurity awareness training for museum staff, volunteers, and contractors.
    2. Promote a culture of security awareness and ensure best practices are followed across the organization.
  6. IT and Data Asset Protection:
    1. Secure the museum's technology stack, especially with regard to personal data and intellectual property on the Gallery's systems, such as the CDP/CRM, artwork collections systems, and ticketing system.
    2. Ensure security and compliance of digital assets and systems.
    3. Collaborate with the Data Governance team to implement data classification schemes and maintain a comprehensive data inventory, including critical, sensitive, and regulated data.
  7. Vendor & Third-Party Management:
    1. Assess third-party vendors and contractors to ensure compliance with the museum's cybersecurity policies.
    2. Negotiate security terms in vendor contracts and oversee third-party risk management.

Qualifications

Must-Haves:

  1. Bachelor's degree in Computer Science, Information Security, or related field.
  2. 5+ years of experience in cybersecurity, preferably within a cultural institution, museum, or non-profit environment.
  3. Experience in IT governance (e.g. COBIT, ITIL), data governance, risk management, and compliance (GRC).
  4. Proficient in network security technologies (e.g. firewalls, VPNs, IDS/IPS).
  5. Expertise in cybersecurity practices such as data encryption, data masking, identity and access management, and vulnerability assessments.
  6. Strong problem-solving skills and the ability to think critically under pressure.
  7. Effective communication skills, with the ability to translate complex technical issues into accessible language for museum staff and stakeholders.
  8. Interest in art and a desire to protect the museum's mission through robust cybersecurity.

Good-to-Haves:

  1. Hands-on experience with security operations, incident response, and digital forensics.
  2. Experience with data governance tools (e.g. MS Purview, Alation, Informatica).
  3. CISSP, CISM, CRISC.