Key accountabilities Co-ordinate all division level information security related activities Regularly update the division management on the compliance and implementation of Information Security framework Coordinate periodic information security reviews as per the defined frequency Conduct periodic vulnerability tests working with the cyber security centre of excellence (COE) on assets. Pre-requisites like setting up machines, getting VMs provisioned, VPN and other access provisioned for activities to be conducted remotely like VAPT Track and facilitate closure of information security observations/non-conformities identified during the internal/external audits or other security assessments as per the severity Supervise facilitate closure of information security incidents raised by the Security Operations Centre for the division as per the severity, Act as incident manager for any security incidents and breaches until resolution. Participate in root cause analysis as may be applicable Keep track of all the expiry and renewals of all the information security related solutions in the division Raise all the forms/requisitions etc and ensure timely availability of the pre-requisites for the information security related activities for the division 1st level assessment of the exceptions raised, risk assessment of policy deviations and review deviations before recommending for approval Conduct Cyber Security best practice education sessions and/or information brochures to users as and when necessary, periodic review of education materials used 'to train' new employees Periodic & targeted Phishing exercise working with the cyber security centre of excellence (COE) to educate vulnerable email users Phishing emails are to be analysed, identify source, block the source of phishing email upon approval Reporting: Periodic reporting of violations to leadership team Communication: Disseminate advisory to IT teams upon receiving notifications from trusted sources Understand evolving threats by learning from Cyber security industry & regulatory body. Plan for implementation within IHH MY Keep track of renewals from governance point of view, such that all things being used are under valid support contract Raising the eforms, PRs, POs for security related requirements Stays in constant touch with the Data Protection Office (DPO) for IT security related data protection requirements and put up the requests forward for fulfilment through the hierarchy for approvals and budget Supporting division business for areas relevant to cyber security while responding to RFPs Whitelisting of URLs for business use case with reputation assessments Quarterly risk report for the division, maintaining and updating risk register for IHH MY Incident statistics and analysis for the division with reporting Security related POC support Handling and supporting queries on cyber security policies, procedures and best practices, Enforce policy and process compliance across the division Custodian of key roles and credentials for security related solution for the division Interface between the Central information security tracks/Teams, Singapore division, third parties and the management of each entity as well as group management stakeholders Capture from IT and maintain the inventory details for consumption by the cyber security team and Contribute on behalf of division for Coverage, growth, forecasting and consolidate the same to arrive at the investment requirements for the COE across the tracks Interface for COE Deliveries to ensure delivery as per the scope and SLAs to the division and, also, the interface for feedback and inputs from the division Lead and develop best remediation and mitigation plan of the technically available options to align with the business context Inputs to the tracks within the COE for continuous improvement in pursuit of operational excellence Negotiate and resolve conflicts at the division level in support of organizational interest and progress on the task assigned. Timely escalation where necessary KPIs: Meet or exceed the Agreed Service Level Agreements for the division Coverage of all the IT assets from Security Operations perspective is always more than 99% No. of cyber Security Incidents and requests handled Ensure all the incidents / Issues are tracked to closure Ensure Security Activity Calendar gets published and followed through the year Qualifications & Experience: Diploma or graduate in Information technology or equivalent Overall IT relevant experience of minimum 5 years, in a combination of multi-disciplinary IT/Security Operations with minimum 3 years in cyber security Experience in working for a demanding security operations Centre with multiple tracks Knowledge of Security Standards and Frameworks including MITRE & ATT&CK, ISO 27001:2013, ISO/IEC 22301:2019, Data Protection etc Proficient in Information Security Management Systems (ISMS), cyber security and technology risk management Experience in working with third party vendors and vendor management Proficient in working with vendors for successful implementation of large turnkey projects with due diligence, risk management and quality ensured Healthcare domain knowledge is preferred Understanding of Hospital Information systems will be advantageous especially in Singapore healthcare Knowledge of data security regulatory laws and tools Knowledge of Cyber security threats and best practices Experience and understanding of IT Operations procedures Knowledge of applying patches based on product company advisory. e.g. Microsoft security patches Knowledge of Healthcare standards such as Hl7, DICOM and FHIR in the context of PII (Personally identifiable information) and PHI (Protected Health Information) governing laws like PDPA, PCI compliance, etc Show more Show less