Assistant Director - Singapore - SYNAPXE PTE. LTD.

SYNAPXE PTE. LTD.
Singapore

2 weeks ago

Posted by: Wei Jie (beBee Recruiter)


Description
The Assistant Director has oversight of ICT risk as part of enterprise risk, and ensures that the risk appetite is understood, articulated, and communicated. He/she is also responsible for overseeing ICT compliance with regulatory requirements, policies, and standards. He/she works with the CISO to gather inputs into the risk register, including risk mitigation measures and risk deviations. He/she also works with the Enterprise Risk Management team on strategies and programs for effective compliance with regulations and policies.


ROLES & RESPONSIBILITIES


Every NHG Entity shall appoint an ICT Security Project Lead to ensure that day-to-day ICT efforts and projects for Entity managed systems comply with prevailing ICT security policies and standards.

The ICT Project Lead is to work within the I&T Infrastructure & Security Operation team to harmonize ICT security work plans and resourcing within the Entity.

ICT Security Strategy

  • Formulate the ICT security work plans with NHG Entities, and align them with Entities' ICT security strategy; and
  • Responsible for resourcing to meet the Entity's strategic goals.
Gap Analysis

  • Conduct gap analysis to identify ICT security risks faced by the Entity, and assess the Entity's ICT security posture and level of maturity against the Entity's ICT security maturity model.
Security Governance

  • Maintain an overall view of the ICT security design, implementation and operations of ICT systems;
  • Comply with Entity and Health Instruction Manual (HIM) security requirements;
  • Collate key security metrics which will be aggregated at the public healthcare level;
  • Put in place and regularly review (annually, or whenever there are changes to its business/ICT environment) the security metrics; and
  • Implement the NHG Entities' risk and control program to manage the security posture of the Entities' systems.
Risk Management

  • Ensure that all the Entity's ICT systems perform a thorough ICT security risk assessment, including end-to-end vulnerability management, recommended mitigations and remediation.
  • Support relevant stakeholders to provide regular updates to internal and external stakeholders on the organisation's risk posture.
Incident Management

  • Ensure systems have a defined process in place for the identification and management of incidents;
  • Ensure systems have appropriate security controls in place to detect, prevent and recover from any security incident;
  • Support the Cybersecurity Incident Response Manager (CSIRM) in the investigation and management of ICT security incidents;
  • Plan, design and conduct security incident response workshops and exercises (tabletop exercises, simulation and drills); and
  • Support relevant stakeholders to provide timely incident updates and develop an action plan for the management team.
Secure Development Lifecycle

  • Ensure that management and execution of all Entities' ICT system development and project management are in compliance with HIM's security and related requirements; and
  • Review all Entities' security testing reports (Vulnerability Assessments / Penetration Tests / Source Code Review) and ensure mitigation is performed satisfactorily.
Security Controls Implementation

Work with System Owners to ensure that the management and execution of all the Entity's ICT systems are operating in compliance with HIM's security and other security requirements, including:

  • Patching, hardening and management of deviations;
  • Network connectivity to Healthcare Enterprise networks;
  • Privileged and remote access user management; and
  • Logging of key system events and activities to enable incident investigations.
ICT Asset Management

  • Maintain full visibility of Entity's ICT assets for systems and products across various operating environments (such as but not limited to Intranet, Internet, Extranet).
ICT Audit and Compliance

  • Providing oversight on audit and compliance matters;
  • Conducting internal reviews and audits, as well as directing all compliance activities;
  • Advising internal management and stakeholders on the implementation of compliance programs;
  • Developing risk management strategies to ensure appropriate risk mitigation and controls are in place;
  • Identifying the lack of policy and process, assessing effectiveness of current policies and processes, and recommending required changes;
  • Reporting and maintaining accurate compliance records;
  • Facilitating internal stakeholder engagement on new policies and regulations;
  • Ability to manage and front the internal and external auditors and regulators; and
  • Provide coaching and mentorship to internal teams on new regulatory and compliance requirements as per policy.

REQUIREMENTS & QUALIFICATIONS

  • Degree in Computer Science, Engineering or equivalent.
  • At least 15 years working experience in developing, implementing, and directing IT operations, with 5 years in security governance and security compliance review.
  • Working knowledge with cyber security controls, processes, and stand
