Back to all jobs
- Seniority
- Lead
About the role
<p><span data-contrast="auto">GovTech supports various Government Agencies in carrying out ICT delivery services and appoints Agency Chief Information Security Officers (ACISO) to oversee information security management within these agencies. The ACISO is a leadership role that requires technical proficiency demonstrated in multiple cybersecurity domains. The role demands knowledge and/or practical experience in most of the domains below:</span><span data-ccp-props="{}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":761,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Cybersecurity Governance frameworks, </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":761,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Security Operations including incident response,</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":761,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Architecture design and threat risk assessment,</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":761,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="auto">Security Testing. </span><span data-ccp-props="{}"> </span></li>
</ul>
<p><span data-contrast="auto">The ACISO must possess technical understanding of both on-premises infrastructure security and cloud security architectures across major platforms (e.g., AWS, Azure, and GCP), including their native security features, identity management systems, and security control implementations. </span><span data-ccp-props="{}"> </span></p>
<p><span data-ccp-props="{}"> </span></p>
<p><strong><span data-contrast="auto">[What you will be working on]</span></strong><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">Emplaced in public agencies and reporting to the agency’s Chief Information Officer (CIO) and Ministry Family CISO, you will collaborate with various stakeholders (GovTech HQ teams, Agency management, Agency project teams, and outsourced vendors) and will be responsible to:</span><span data-ccp-props="{}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Lead the agency-level cybersecurity function in supporting agency digital transformation initiatives whilst ensuring digital resilience of agency systems.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Formulate and implement agency cybersecurity strategies, policies and work plans, ensuring continuous alignment with Ministry Family's business strategic goals</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Review and enhance risk management through threat-based risk assessments, risk mitigations, risk monitoring and reporting.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="auto">Provide consultation and endorse risk management and mitigation plans from agency’s project teams. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="auto">Govern and enhance the agency's security posture by maintaining visibility and oversight of ICT assets, security architectures, and cybersecurity operations code of practices. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="6" data-aria-level="1"><span data-contrast="auto">Develop and maintain incident response plan and playbooks. This involves planning, designing and conduct of security incident response workshops and exercises (table-top exercises, simulation and drills) as well as lead the investigation and management of ICT security incidents.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="7" data-aria-level="1"><span data-contrast="auto">Provide advisory and recommendations on appropriate cybersecurity technologies to be deployed that meets agency’s business requirements and aligned with WOG-wide advisories and practices.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="8" data-aria-level="1"><span data-contrast="auto">Ensure secure by design ICT product development, and that security controls implementations comply with the defined security policies, standards and guidelines.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="9" data-aria-level="1"><span data-contrast="auto">Develop and maintain effective cybersecurity awareness and training programmes</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li>
</ul>
<p><strong><span data-contrast="auto"><br>[What we are looking for]</span></strong><span data-ccp-props="{}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Degree in Computer Science, Information Systems, Engineering or related Technology field</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">At least 8-10 years of management experience related to information security and solid grasp of ICT operations, security policies, business processes and the relationship between them.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Ability to work with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="auto">Good interpersonal and partner/executive leadership skills.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="auto">Demonstrate knowledge and experience in security by design implementations, review of system architecture, devsecops practices, Infrastructure as Code (IaC) tools and securing CI/CD pipelines </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="6" data-aria-level="1"><span data-contrast="auto">Demonstrate understanding of cloud service models (IaaS, PaaS, SaaS), coupled with a strong understanding of core cloud services and modern cloud-native architectures (serverless, containers, microservices) </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="7" data-aria-level="1"><span data-contrast="auto">Identify on-premises and cloud-specific cybersecurity risks and threats, demonstrating skills to thoroughly assess their impact and likelihood. This assessment encompasses, but is not limited to, secure configurations, insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="8" data-aria-level="1"><span data-contrast="auto">Evaluate the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="9" data-aria-level="1"><span data-contrast="auto">Display understanding of emerging threats and technologies, and the ability to translate risk into business impact</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="10" data-aria-level="1"><span data-contrast="auto">Strong understanding of compliance requirements and the ability to identify potential violations in on-premises or cloud environments.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="11" data-aria-level="1"><span data-contrast="auto">Able to communicate cyber security topics effectively to senior stakeholders.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="12" data-aria-level="1"><span data-contrast="auto">Minimally possess CISSP certification, preferably with other related certifications, e.g. CISM, CCSP, GCIH that demonstrates continuous learning and knowledge of industry best practices.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="13" data-aria-level="1"><span data-contrast="auto">We believe in being Agile, Bold and Collaborative, and are looking for people who identify with these values.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="14" data-aria-level="1"><span data-contrast="auto">Singaporeans only.</span><span data-ccp-props="{}"> </span></li>
</ul>
753,000+ hidden jobs like this
GovTech and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.
Everything Pro unlocks:
- Unlimited applications — free stops at 5
- Track every application in one place
- Apply straight to the source, one click
- Save & organize roles you love
- Roles pulled from company boards before the big sites
