Roles & Responsibilities

The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications, and facilitate collaboration with citizens and businesses to co-develop technologies.

Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.

GovTech Cyber Security Group (CSG) is hiring cybersecurity specialists who are familiar with security architectures and cloud implementations. The specialist is required to research and identify potential security risks using Threat and Risk Assessment framework, and develop actionable measures to be applied across systems for the Whole of Government.

What you will be working on:

• Perform security risk assessments for large, national or Whole-of-Government projects or systems.
• Explore technologies and best practices to support development of standards.
• Support business initiatives through risk management, which involves performing security risk assessment to identify and analyse security risks, recommending risk treatment and mitigation measures, and assess residual risks.
• Ensure that key security requirements are defined and designed into the systems, implemented in accordance to the security design, and in compliance with prevailing ICT security policies and standards.
• Develop and review project specific security specifications and ensure alignment to assessed security risks, security requirements, prevailing ICT security policies and standards.
• Review security architectures, designs and implementations to ensure compliance with prevailing ICT security policies and standards. Identify design gaps and recommend security enhancements.
• Involve in designing artefacts (spanning design, development, and implementation) into enterprise systems that are aligned to security principles and overall Enterprise System Architecture.
• Stay abreast of current and emerging security technologies for cloud and on-premises, as well as the associated security threats and risks. Design security architecture and control measures to mitigate the relevant threats and risks.
• Align security architecture frameworks and standards with business strategies and functions.
• Involve in scoping of security tests, reviews and audits, as well as reviewing the results of security tests, reviews and audits to ensure security assurance is achieved.
• Partner with Ministry Chief Information Security Officer (MCISO) / Agency Chief Information Security Officer (ACISO), stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved.
• Manage stakeholder relationships to ensure that consulting services delivered meet their expectations.

What we are looking for:

• Degree in Computer Science, Computer or Electronics Engineering or Information Technology or related disciplines.
• Minimum 3 years of IT security experience in IT security consultancy, and security operations (which includes experience in management, deployment and maintenance of security for ICT systems).
• Knowledge and experience in ICT security risk management methodologies and risk evaluation techniques.
• Able to articulate cybersecurity risks, mitigation measures and residual risks orally and in writing to stakeholders, in an easily understood and actionable manner.
• Knowledge of security technologies (such as SIEM, Log Management and Analysis Tools, firewall, cryptography, vulnerability scanning tools, endpoint security, identity and access management), and frameworks (such as MITRE ATT&CK framework), and security domains (such as network security, cloud security and application security).
• Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence in Depth), and able to specify where and how security controls should be applied to or engineered into the security design.
• Singapore Citizen only

We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. This includes generous leave benefits to meet your work-life needs. We trust that you will get the job done wherever you are, and whatever works best for you – so work from home or take a break to exercise if you need to*. We also believe it’s important for you to keep honing your craft in the constantly-evolving tech landscape, so we provide and support a plethora of in-house and external learning and development opportunities all year round.

*Subject to the nature of your job role that might require you to be onsite during fixed hours

Tell employers what skills you have

Information Security
Security Architecture
Security Audits
Governance, risk and compliance
Security Operations
Security Governance
Application Security
Vulnerability Scanning
Risk Assessment
Cyber Security
Governance
Risk Management
Information Technology
ICT Governance
Cloud
Consulting