Assistant Director - Singapore - SYNAPXE PTE. LTD.
Description
The Assistant Director has oversight of ICT risk as part of enterprise risk, and ensures the risk appetite is understood, articulated, and communicated. He/she is also responsible for overseeing ICT compliance with regulatory requirements, policies, and standards. He/she works with the CISO to gather inputs into the risk register, including risk mitigation measures and risk deviations. He/she also works with the Enterprise Risk Management team on strategies and programs for effective compliance with regulations and policies.
ROLES & RESPONSIBILITIES
Every NHG Entity shall appoint an ICT Security Project Lead to ensure that day-to-day ICT efforts and projects for Entity managed systems comply with prevailing ICT security policies and standards.
The ICT Project Lead is to work within the I&T Infrastructure & Security Operation team to harmonize ICT security work plans and resourcing within the Entity.
ICT Security Strategy
- Formulate the ICT security work plans with NHG Entities, and align them with Entities' ICT security strategy; and
- Responsible for resourcing to meet the Entity's strategic goals.
- Conduct gap analysis to identify ICT security risks faced by the Entity, and assess the Entity's ICT security posture and level of maturity against the Entity's ICT security maturity model.
- Maintain an overall view of the ICT security design, implementation and operations of ICT systems;
- Comply with Entity and Health Instruction Manual (HIM) security requirements;
- Collate key security metrics which will be aggregated at the public healthcare level;
- Put in place and regularly review (annually, or whenever there are changes to its business/ICT environment) the security metrics; and
- Implement the NHG Entities' risk and control program to manage the security posture of the Entities' systems.
- Ensure that all the Entity's ICT systems perform a thorough ICT security risk assessment, including end-to-end vulnerability management, recommended mitigations and remediation.
- Support relevant stakeholders to provide regular updates to internal and external stakeholders on the organisation's risk posture.
- Ensure systems have a defined process for the identification and management of incidents in place;
- Ensure systems have appropriate security controls in place to detect, prevent and recover from any security incident;
- Support the Cybersecurity Incident Response Manager (CSIRM) in the investigation and management of ICT security incidents; and
- Plan, design and conduct security incident response workshops and exercises (tabletop exercises, simulation and drills).
- Support relevant stakeholders to provide timely incident updates and develop action plans for the management team.
- Ensure that management and execution of all Entities' ICT system development and project management are in compliance with HIM's security and related requirements; and
- Review all Entities' security testing reports (Vulnerability Assessments/Penetration Tests/Source Code Review) and ensure mitigation is performed satisfactorily.
- Patching, hardening and management of deviations;
- Network connectivity to Healthcare Enterprise networks;
- Privileged and remote access user management; and
- Logging of key system events and activities to enable incident investigations.
- Maintain full visibility of Entity's ICT assets for systems and products across various operating environments (such as but not limited to Intranet, Internet, Extranet).
- Providing oversight on audit and compliance matters;
- Conducting internal reviews and audits, as well as directing all compliance activities;
- Advising internal management and stakeholders on the implementation of compliance programs;
- Developing risk management strategies to ensure appropriate risk mitigation and controls are in place;
- Identifying the lack of policy and process, assessing effectiveness of current policies and processes, and recommending required changes;
- Reporting and maintaining accurate compliance records;
- Facilitating internal stakeholder engagement on new policies and regulations; and
- Ability to manage and front the internal and external auditors and regulators
- Provide coaching and mentorship to internal teams on new regulatory and compliance requirements as per policy.
REQUIREMENTS & QUALIFICATIONS
- Degree in Computer Science, Engineering or equivalent.
- At least 15 years working experience in developing, implementing, and directing IT operations, with 5 years in security governance and security compliance review.
- Working knowledge with cyber security controls, processes, and stand