Reporting to the Lead IT Consultant (IT Security) and supporting the Communications & Information Technology Division in all SIT’s IT security initiatives.
Key Responsibilities:
Proficient in securing Cloud environments, including platforms such as Azure, AWS, Google Cloud or Huawei Cloud.
Develop and carry out IT security policies, procedures and plans.
Conduct security reviews of existing systems to assess their ability to provide adequate defence against the latest security threats.
Manage vulnerability assessments, penetration testing, and secure code reviews for IT systems and applications. This encompasses understanding the identified gaps/vulnerabilities and investigating suitable remediation strategies.
Jointly work with IT infrastructure and application development teams and business owners to provide security consultancy and assurance to IT systems and applications.
Drive and conduct IT security awareness and training, such as security talks, phishing simulation and incident response exercises.
Jointly monitor, track and review all information security risk findings and assessments with the IT Governance team and other IT teams.
Manage and investigate cyber security alerts and notifications from cyber surveillance and threat intelligence to identify root cause and impact for effective containment, mitigation and future improvements.
Manage and investigate IT Security incidents to identify root cause and impact for effective containment, mitigation and future improvements.
Experience and knowledge of technologies such as EDR/XDR, DAM, MDM, Microsoft AIP, VMS, CASB, SWG, SASE, ZTA, PAM, IAM, MFA, NAC and Red Teaming is highly desirable.
Research new security technologies, threats and vulnerabilities to improve SIT’s security posture.
Experienced in overseeing security projects, procuring, and renewing security services and tools.
Provide detailed reporting on IT security initiatives, scans and incidents to SIT management, and statutory reporting to CSA and MOE.
Requirements:
Bachelor's degree in Computer Science, Information Technology or equivalent, with minimum 6 years' experience in Information and Cyber Security
Good knowledge and experience with cloud security of Amazon Web Services (AWS), Microsoft Azure, Microsoft 365 and SaaS solutions, security and risk standards and frameworks like NIST CSF, ISO27001, ISO27005, MTCS, CSA Security-by-Design (SB) and PDPA is essential; familiarity with Government IM, ISO31000 and PCI-DSS is desirable
Other relevant certifications such as CISSP/CISA/CISM, CREST, CEH, CHFI would be advantageous
Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
Good analytical and problem-solving skills
Have a positive attitude and be an excellent team player