Overview:
The Cybersecurity Manager is responsible for all aspects of cybersecurity for NTUC First Campus (NFC), to ensure that the organization's cybersecurity posture remains robust and effective in the face of evolving threats and challenges, protect the organization's systems and ensure compliance with relevant regulations and standards.
 
This role manages cybersecurity for NFC end-to-end, including Cybersecurity architecture, policies/governance, risk management, operations, incident response and awareness. This would involve strategic planning, technical expertise, outsourcing management and collaboration with the internal IT team and various stakeholders.
 
 
Key Responsibilities:

• Design, implement and maintain a comprehensive and robust cybersecurity architecture framework / solutions architecture aligned with best practices
• Develop and enforce cybersecurity policies, standards, guidelines and processes.
• Conduct and/or support internal and external audits and assessments.
• Liaison with regulatory agencies to fulfill statutory requirements as required.
• Provide guidance and support to teams to address compliance gaps and improve security posture.
• Perform security risk assessments, formulate and advise on a risk treatment plan
• Review security testing reports (e.g. vulnerability assessment, penetration testing and secure code review) and work with application teams for remediation
• Conduct vendor evaluation and due diligence to ensure the security and reliability of third-party partners and solutions, guiding overall third-party risk management efforts
• Support the business in performing business impact analysis and maintaining a cybersecurity risk register
• Manage and operate enterprise security solutions that are deployed within the organization, managing cybersecurity monitoring and operations with support from vendors / partners (e.g. onboarding of privileged accounts to PAM, implementing WAF for website protection, and reviewing firewall rules, etc.)
• Design and implement security controls, protocols, and processes to safeguard networks, systems, and data from cyber threats.
• Integrate security measures into the infrastructure design and configuration to support cybersecurity objectives.
• Implement advanced threat detection and monitoring tools to detect and respond to security incidents in real-time.
• Work closely with Infrastructure, End User Support and Application teams to identify and address any risks and gaps in the infrastructure, endpoints, and application systems
• Collaborate with third-party vendors and contractors to ensure the security of outsourced systems and services.
• Primary Point of Contact and First Responder for organization CyberSecurity matters.
• Develop incident response plans and procedures to mitigate the impact of security breaches and minimize downtime.
• Coordinate with internal teams and external partners to investigate security incidents and implement remediation measures.
• Provide guidance and support to the organization on security-related issues, coordinate cybersecurity awareness activities (e.g. newsletters, trainings, phishing campaigns) and tabletop exercise.
• Work closely with the NFC Data Governance office on policies and measures for data protection.
• Evaluate cybersecurity products / solutions and partners to determine their suitability for the organization’s security requirements.
• Manage procurement and contracts for security products and partners

 
Qualifications and Requirements:

• Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or related field; Master's degree preferred.
• Minimum of 5 years of experience in Cybersecurity
• Relevant professional certifications such as CISSP, CISM, CEH, or equivalent are preferred
• Proven experience in cybersecurity architecture, infrastructure design, and implementation.
• Strong knowledge of cybersecurity principles, standards, and best practices.
• Experience with security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, encryption, Antivirus/Endpoint Detection and Response (EDR), Privilege Access Management (PAM), and Web Application Firewall (WAF)
• Familiarity with security assessment tools and techniques, including vulnerability scanning and penetration testing.
• Proficiency in network and system administration, including experience with cloud platforms (e.g., GCP, AWS, Azure).
• Familiarity with DevSecOps principles and practices.
• Excellent analytical and problem-solving skills.
• Excellent communication skills and the ability to explain complex technical concepts to non-technical stakeholders.
• Experience in vendor and project management
• Highly driven and keen learner