Roles & Responsibilities
We are assisting our reputable client, a healthcare group, in searching for an experienced Information Security professional to augment their existing team.
Responsibilities
1. Assist in Strategy Development and Project Security Consulting
- Provide support to the Head of Department in the development and implementation of robust cybersecurity strategies aligned with organizational objectives and regulatory mandates.
- Offer expertise and guidance in security consulting for various projects across hospitals, clinics, and corporate offices, ensure that cybersecurity checklists are completed, and ensure that considerations are integrated seamlessly into all stages of project planning and execution.
- Gather reports, compile statistics, and deliver presentations on threats detected and risk trends.
2. Cybersecurity Project Management
- Lead and oversee security proof of concept (PoC) projects to evaluate and validate the effectiveness of new security technologies and solutions before full-scale implementation.
- Lead and manage cybersecurity projects, including the implementation of new security technologies, tools, and processes.
3. Threat Intelligence, Threat Hunting, and Proactive Monitoring
- Conduct proactive monitoring of internal alerts and emerging threats using existing security tools.
- Perform manual threat hunting to identify and address potential security risks promptly, and collaborate with partners to ensure that true positives are mitigated promptly.
- Continuously analyse and respond to security alerts, antivirus software, network detection and response systems, and external assets surface management (EASM) solutions.
- Keep up to date with the latest cybersecurity threats, trends, and technologies, with extra attention on the Asia region and the healthcare sector.
4. Security Operations Management
- Oversee daily security operations, including monitoring, detection, incident response, and threat management. Ensure alerts raised from the Group Centre of Excellence (COE) are addressed and closed, especially alerts on endpoint detection and response (EDR).
- Perform annual evaluations of USB access controls to ensure that access controls are regularly reviewed and adjusted as needed to maintain endpoint security resilience.
- Ensure that all IT cybersecurity contracts are reviewed and renewed promptly to prevent service disruptions and maintain continuous protection of the company’s assets.
- Participate in and perform role-play scenarios during ad-hoc cyber drill exercises.
- Work closely with the Group COE on cybersecurity-related tasks.
5. Incident Response Management
- Coordinate all aspects of incident response, from initial detection to resolution, encompassing investigation, containment, remediation, and reporting of security incidents.
- Conduct thorough pre- and post-incident analysis to identify root causes and contributing factors, and implement necessary improvements to prevent future occurrences.
- Collaborate closely with the Group SOC Team Lead to address any true positive cases, ensuring a timely and effective response to security incidents across the organization.
6. Vulnerability, Risk, and Penetration Test Management
- Review the execution of periodic / ad-hoc vulnerability and penetration tests within agreed scopes with the application owner. Ensure with relevant stakeholders that test findings are promptly remediated before the project goes live.
- Conduct quarterly VA security assessments with the Group COE VA Team to ensure applications are compliant with industry best practices (i.e. NIST, ISO 27001).
- Manage the identification, assessment, and mitigation of security vulnerabilities and risks. Ensure critical and high findings are addressed within the specified timeline.
- Assist Group COE during the annual exercise on Dynamic Assessment Security Testing (DAST) and security configuration reviews. Work closely with respective stakeholders for information gathering and remediation fixes within the specified timeline.
- Prepare quarterly risk statistics and trends at both in-country and group levels.
7. Regulatory Compliance and Audits
- Ensure the company’s compliance with relevant cybersecurity regulations and standards (e.g., PII, PCI DSS).
- Prepare and participate in security audits and assessments, both internally and externally.
- Engage stakeholders to address the audit findings promptly, facilitating discussions and providing necessary guidance and support.
- Follow up with stakeholders to ensure the timely resolution of identified issues and alignment with established policies and standards.
- Work with the Group COE governance and compliance team to refine policies and standards based on Singapore regulations and hardening baselines based on industry best practices.
Requirements
- Cybersecurity and IT Risk management professional certificates from ISC2 or ISACA are preferred.
- Minimum 5 years in a combination of multi-disciplinary IT / Security Operations, with a minimum of 3 years in cybersecurity.
- Experience and knowledge of cybersecurity threats, tools, and best practices (e.g. ISO 27001, NIST).
- Experience and knowledge of cloud security are preferred.
- Experience and understanding of IT operations and processes.
- Understanding of Hospital Information systems will be advantageous, especially in Singapore healthcare.
- Knowledge and experience in applying software patches based on product company advisories, e.g. Microsoft security patches.
- Experience in working for a demanding Security Operations Centre with multiple tracks.
- Knowledge of Security Standards and Frameworks, including MITRE ATT&CK, ISO 27001:2013, Data Protection, etc.
- Proficient in Information Security Management Systems (ISMS), cybersecurity, and technology risk management.
- Experience in working with third-party vendors and vendor management.
- Proficient in working with vendors for the successful implementation of large turnkey projects with due diligence, risk management, and quality ensured.