Senior Security Manager - Singapore - INNERGY CONSULTING PTE. LTD.

    INNERGY CONSULTING PTE. LTD.
    INNERGY CONSULTING PTE. LTD. Singapore

    Found in: Talent SG 2A C2 - 1 week ago

    Default job background
    Description
    Roles & Responsibilities

    Senior Security Manager (Group Level)

    We are helping our client to look for an experienced Senior Security Manager. The Senior Security Manager acts as the overseer of all IT and Cybersecurity operations throughout the company's various branches. Their primary responsibility is to ensure the availability, integrity, and confidentiality of customer, business partner, employee, and business data in accordance with the organization's information security protocols. A crucial aspect of this role involves collaborating with executive leadership to define acceptable risk levels (pertaining to people, processes, and technology) for the company. Additionally, the Senior Security Manager is tasked with implementing and sustaining a comprehensive information security management program across the entire organization to ensure sufficient protection of information and digital assets.

    Responsibilities


    • Advisory

    • Lead in the overall leadership on cybersecurity strategy, risk management and incidence response.
    • Provide leadership to the enterprise's information security organization.
    • Partner with business stakeholders across the company to raise awareness of risk management concerns.
    • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
    • Provide regular communication at executive/company level on the global cybersecurity scene.


    • Governance / Audit / Risk / Compliance Management

    • Lead, conduct and liaison with internal and external auditor to conduct periodic IT/Security Audit
    • Establish and formalize Risk Management for Business and IT through risks assessment.
    • Propose investments on solutions against risks exposure vs risks acceptance level vs impact to business and operations.
    • Work directly with the business units to facilitate risk assessment and risk management processes.
    • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
    • Ensure compliant to local and global regulatory on IT/Cyber Security for shore offices, cloud environment and vessels.


    • Project Initiatives

    • To constantly survey and identify security gaps/short comings in the respective areas (infra, cloud, vessels) to device appropriate solutions (people, process, technology) for mitigation.
    • To propose and manage timeline, budget, and scope of work for IT security projects.
    • To work with respective stakeholders (internal/external) to enhance the overall company IT security posture through solution such as Bitsight, Watchtwr, CSA, etc.
    • To manage stakeholders' expectations and analyse the risk and impact of the company's operations when implementing new technologies.


    • Operation

    • Owner to develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program that covers on-prem, cloud and vessels globally across the group of subsidiaries.
    • Drive ongoing cybersecurity awareness program and campaigns (e.g. Phishing, USB attack, etc) to increase users' awareness.
    • Develop and enhance an information security management framework for the organization.
    • Overall owner responsible for Incident Response on any cyber related attacks.
    • Work with external vendor(s) and internal IT management to design, develop, and implement cyber related IT BCP initiatives (e.g. Incident Response, alternative workplace solution & strategy, etc).


    • Architecture

    • Member of the Technology Architecture Board to design and develop Security-first Software (API, Micro-services, Database/Stream) and Infrastructure (Cloud/On-Prem/Vessel) architecture.

    Requirements

    • Degree or Master's Degree in a technology and/or cybersecurity related field required.
    • Professional security management certification (CRISC, CISSP, CISM, & CISA, Qualified Information Security Professional, Certified Ethical Hacker, etc).
    • Excellent written and verbal communication skills and high level of personal integrity.
    • Excellent experience working and presenting to C-suite executives on cyber initiatives.
    • Innovative thinking with strong people engagement skills with an ability to lead and motivate cross-functional, interdisciplinary teams.
    • Experience with contract and vendor negotiations and management including managed services.
    • Experienced with working in organization that does in-house cloud native software development.
    • Experience with security standards / processes in a Cloud computing/Elastic computing environment, especially Azure.
    • Strong business acumen required to comprehend and evaluate business scenarios, make informed decisions, and take the necessary steps to achieve the organization's goals.
    • Minimum of 8 years of experience managing security for On-Prem Infrastructure and at least 5 years (DevSecOps/SecOps) with Cloud environments/instances (IaaS, PaaS & SaaS).
    • Minimum of 8 to 10 years of experience in a combination of risk management, information security.
    • Min. 5 years or more hands-on experience in evaluating, selecting, designing, and implementing various security processes, policies, and solutions.
    • Experienced in building an internal SOC team and/or managing MSSP.
    • Familiar with various data privacy and cybersecurity framework (e.g. NIST, ISO 27001/27002, SOC2, GDPR, OWASP, etc). Experienced with BIMCO is a plus.
    • Proficient with implementing and managing advanced and/or automated security solutions (e.g. IDS/IPS, EDR/XDR, SIEM, SOAR, SASE, SWG, BAS,..)
    • Experienced with implementing various cybersecurity architecture, e.g. OSI, Zero Trust Architecture, etc across Cloud and on Prem environments, including Azure / AWS.
    • Min. 5 years or more in building and leading a high-performance team.
    • Familiar and experienced with latest cloud-based infrastructure and cybersecurity technology solution.
    • Experienced in dealing with senior business stakeholders.
    • Experienced with leading teams and vendors from offices globally.

    Others


    • MNC and good corporate culture


    • 5-day work week

    To apply, please send your CV to -

    We regret that only shortlisted candidates will be notified.

    Tell employers what skills you have

    Information Security
    Microsoft Azure
    Managed Services
    OWASP
    Azure
    Cloud Computing
    Offshore Operations
    ISO
    Assurance
    Risk Management
    Microservices
    Security Management
    Technology Planning
    Containerization
    Cyber Incident Management
    CISA
    Information Security Management
    IT Management
    Audit
    CISSP