Associate Director, Information Security
Date: 7 Jan 2024
At Singtel, our mission is to Empower Every Generation. We are dedicated to fostering an equitable and forward-thinking work environment where our employees experience a strong sense of Belonging, to make meaningful Impact and Grow both personally and professionally. By joining Singtel, you will be part of a caring, inclusive and diverse workforce that creates positive impact and a sustainable future for all.
We create great technology that can change the future, and we’re looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!
We are seeking a highly skilled and experienced Senior Manager/Associate Director, Information Security to join the Business Information Security Office in one of Singtel’s Group Business Units (GBUs). We believe cybersecurity and information security are critical business enablers to achieve our organisation’s mission, goals, and objectives. The successful candidate will be responsible for an effective cybersecurity and information security governance, risk management and program in the GBU. You will work with the GBU’s technology owners to strengthen the cyber resilience of our technology assets and safeguard our information assets.
Apply now, and ignite our digital future together.
Make an Impact by
- Develop and maintain strong partnerships with business leaders and technology owners to understand their needs and requirements related to security advisories. Support the business and serve as a subject matter expert on information security and cybersecurity matters. Gain ongoing commitment from senior leadership and other stakeholders to support the successful implementation of the information security strategy.
- Provide independent oversight of the cybersecurity risk management process and ensure that Business Unit performs risk assessments and remediates the identified risks per the defined process.
- Strong analytical skills with the ability to collect and analyse significant amounts of information. Capable of summarising and presenting analysis from significant amounts of information to constructively drive actions and decisions. Conduct security risk assessment and business impact analysis and develop a security risk treatment plan.
- Analyse organisational and operational environment, such as assess & document threats, and determine system protection needs. Collaborate with stakeholders for risk management, mitigation, and remediation measure.
- Point of contact to assist and advise Line-of-Business for cybersecurity-related matters. Strong interpersonal and communication skills with the ability to interact with technical SMEs and business stakeholders and present to senior management stakeholders.
- Participate in and/or oversee the risk identification, risk assessment, and risk treatment process; the vulnerability assessment and threat analysis process.
- Define and monitor management and operational metrics for the information security program. Report on information security key risk indicators (KRIs), including noncompliance and changes in information risk, to key stakeholders to facilitate the risk management decision-making process.
- Partner with GCR Group Governance & Compliance to enforce, rollout and implement new security policies, standards, guidelines and awareness programs across the Group. Participate in Change Approval Board (CAB) for the BU to support governance over technology and security changes.
- Partner Group Risk Management (GRM) and Internal Audit (IA) and other risk functions to support risk management efforts and reviews. Partner Legal and Procurement to review 3rd Party contracts to ensure security requirements are adequately covered to protect Singtel Group’s interest.
Skills for Success
- Diploma/Degree or higher in Computer Science / Information Systems / Cyber Security or related discipline, or equivalent work experience
- At least 8 to 12 years of experience in information security and/or cybersecurity in telco/techco or Critical Information Infrastructure (CII) sectors
- Strong knowledge in information security, cybersecurity and privacy protection, information security management systems – requirements, and information security controls such as CIS Critical Security Controls, ISO/IEC 27001 and 27002, NIST Cybersecurity Framework, etc
- Strong knowledge in domains such as security and risk management, communication and network security, asset security, identity and access management (IAM), security architecture and engineering, security assessment and testing, and software development security, cloud concepts architecture & design, cloud data security, cloud platform & infrastructure security, cloud application security
- Good understanding of the Cybersecurity Act in Singapore, Cybersecurity Code of Practice (CCoP) for CII, Personal Data Protection Act (PDPA), or MAS Technology Risk Management (TRM) Guidelines, etc
- Professional certifications such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) preferred
- Experience with BitSight, CIS SecureSuite tools, Immuniweb, Archer, JIRA, BWise, Prevalent AI, etc
- Strong leadership skills with the ability to lead and influence cross-functional teams without direct authority
- Excellent communication and interpersonal skills with the ability to work collaboratively with cross-functional teams
- Ability to think strategically and solve complex problems
- Strong project management skills, with the ability to manage multiple projects simultaneously and deliver results on time and within budget
Headquartered in Singapore, Singtel has 140 years of operating experience and played a pivotal role in the country’s development as a major communications hub. Optus, our subsidiary in Australia, is a leader in integrated telecommunications, constantly raising the bar in innovative products and services.
We are also strategically invested in leading companies in Asia and Africa, including Bharti Airtel (India, South Asia and Africa), Telkomsel (Indonesia), Globe Telecom (the Philippines) and Advanced Info Service (Thailand). We work closely with our associates, leveraging our scale in networks, customer reach and extensive operational experience to lead and shape the communications industry.
Together, the Group serves over 700 million mobile customers around world. Singtel is one of the largest listed Singapore companies on the Singapore Exchange by market capitalisation.
The Group has a vast network of offices throughout Asia Pacific, Europe and the USA, and employs more than 23,000 staff worldwide.