Job Description:
The purpose of this position is to balance the business risk to Business Units with the appropriate strategic security solution to protect against threats that lead to untenable risk. This is a leadership role requiring expert level technical competency. The leader in this role must be able to build relationships with the IT teams in all the Business Units and provide sound security advice. The role is involved in projects or issues of high complexity that require in-depth expert level knowledge across multiple technical areas and business segments.
Business Units Engagement
Responsible for providing active and engaged leadership with business and Singtel Group IT teams relative to security design and review processes, as well as security consulting expertise in support of strategic company initiatives.
Identify risks and system needs, perform threat assessment of identified vulnerabilities, define solutions and set standards, establish security policies and procedures to protect Group assets and its ability to perform its mission and objectives.
Work closely with business to align business-IT security governance to maintain balance between service capability and management of security-related risks.
Communicates, oversees, localizes and executes technical implementations of security solutions required to meet local business objectives.
Delivers expert level security engineering advisement and consulting to Singtel Group IT teams, and business personnel in order to implement 'security by design' for programs and projects.
Works closely with Singtel Group IT teams and other functional area specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Utilizes and suggests improvements to the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
This leader will collaborate with Singtel Group IT teams and act as a bridge builder, understanding the culture of the company and our business requirements in order to execute flawlessly in building and governing sprawling enterprise security architectures.
This role provides senior-leader-level enterprise consulting to business leaders and requires the ability to work under extreme pressure and tight deadlines in a calm and collaborative fashion, leading from the front.
Software Security & Quality Assurance
Develop a Software Security Assurance framework (based on international standards such as ISO 15026) to integrate security activities into the structure and processes of the Software Development Life-Cycle (SDLC).
Define appropriate product/service security control requirements based on industry standards (e.g. ISO 27002) for inclusion in the SDLC requirements-capture phase.
Conduct risk-based design analysis of application software to identify and assess control factors that may weaken the application structure.
Review coding guidelines to ensure secure coding standards (e.g. Open Web Application Security Project (OWASP) Secure Coding Practices) are incorporated into the SDLC to minimize security flaws in application software.
Work closely with developers to ensure code reviews are carried out to locate security weaknesses, with appropriate remediation to address risk exposure.
Work closely with business and developers on risk-based testing.
Continually assess and improve the SDLC processes to meet the changing risk landscape.
Innovation Centre
Identify emerging and new security technologies for possible adoption (either as a product for customers or internally).
Conduct or organize proof of concept tests to explore, validate and determine potential of the emerging and new security technologies.
Ensure that technologies to be introduced for internal adoption adhere to the overall security architecture for Singtel.
Evangelize the merits of the technologies to be adopted.
Job Requirements
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study.
Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials are required.
Minimum 20 years' experience as a security architect/network security architect.
Minimum 20 years' practical experience developing information security policy, practices, standards, and guidelines.
5 plus years' practical experience implementing ISO 27001/27002, NIST 800-53, or related frameworks.
5 plus years' experience in current security tools, hardware/software security implementation, communication protocols, encryption techniques and tools.
Experience working as part of an internal Audit, Governance and Compliance team.
Advanced understanding in the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
Advanced understanding in the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
Exposure to other compliance audits such as PCI and SOX, mostly in relation to their security components.