Cybersecurity Policy Developer

<p>The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services and products by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications and facilitate collaboration with citizens and businesses to co-develop technologies.<br><br>Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.<br><br>Do you want to apply your skills, knowledge and energy to implement cutting-edge infocomm technology and digital solutions that will change the lives of Singaporeans and the public? In GovTech, you can!<br><br>The Cyber Security Group (CSG) is the cybersecurity arm of GovTech, committed to creating a safe and secure digital government. You will be part of the Policy Development team to formulate cybersecurity policy standards and guidelines.</p> <p>&nbsp;</p> <p><strong>Job Description:</strong></p> <ul data-pm-slice="3 3 []"> <li> <p>Lead or Support the formulation of progressive ICT Security policies to ensure continuous and relevant protection of Government ICT assets</p> </li> <li> <p>Develop, assess and review existing and proposed policies in collaboration with stakeholders to govern cyber activities</p> </li> <li> <p>Promote awareness of security issues and communicate security principles among management and stakeholders</p> </li> <li> <p>Address policy queries, and assess exemption requests to ascertain relevance of preventive and detective controls to reduce risk of exposure</p> </li> <li> <p>Work with the operational and implementation teams to identify, qualify, quantify and agree proposed mitigation plans against any identified risks and that those risks have been captured with mitigation plans.</p> </li> <li> <p>Conduct the measurement of security health posture of Agencies and provide analytical studies and trending of key risk indicators</p> </li> <li> <p>Support limited scale security projects, system vulnerability assessments or audits of cyber programs if required</p> </li> <li> <p>Find creative ways to take on and address complex information security challenges across a variety of existing and emerging technologies and digital environments.</p> </li> </ul> <p>&nbsp;</p> <p><strong>Requirements:</strong></p> <ul data-pm-slice="3 3 []"> <li> <p>Degree in Infocomm Security, Computer Science, Computer/Electronics Engineering or Information Technology</p> </li> <li> <p>Possess CISSP and/or CISA certifications would be an advantage</p> </li> <li> <p>At least 3 years’ of relevant IT or inforcomm security consulting, project management, and/or IT audit and governance</p> </li> <li> <p>Knowledge of IT security management principles and practices</p> </li> <li> <p>Experience in one or more of the following areas will be an advantage; policy compliance and governance, risk assessment, solutioning, network design, application development, Internet of Things, cryptography, hardware design protection, mobile application/device management, cloud hosting design and implementation in AWS/Azure/Google, DevSecOps consulting, design and implementation of CI/CD pipelines, etc.</p> </li> <li> <p>Knowledge and experience of IM8/NIST/IS0 27001/2 policies /standards</p> </li> <li> <p>Singapore Citizen only</p> </li> </ul>