Reporting to the Lead IT Consultant, the Senior IT Consultant (IT Security) supports the Communications & Information Technology division in all SIT's IT security initiatives.
Key Responsibilities
- Secure Cloud environments across platforms such as Microsoft Azure, Amazon Web Services (AWS), Google Cloud and Huawei Cloud
- Develop, review and update IT security policies, procedures and plans
- Conduct security reviews of existing systems to assess their ability to provide adequate defence against the latest security threats
- Manage vulnerability assessments, penetration testing, and secure code reviews for IT systems and applications, including understanding the identified gaps and vulnerabilities and investigating suitable remediation strategies
- Jointly work with IT infrastructure and application development teams and business owners to provide security consultancy and assurance to IT systems and applications
- Jointly monitor, track and review all information security risk findings and assessments with the IT Compliance team and other IT teams
- Investigate and manage cybersecurity alerts, threat intelligence, and IT security incidents to determine root cause and impact and drive effective containment and remediation
- Manage SOC vendors and implement log monitoring and security monitoring tools
- Manage security projects, including procurement and renewal of security services and tools
- Drive and conduct IT security awareness and training, including phishing simulations and incident response exercises
- Research new security technologies, emerging threats and vulnerabilities to improve SIT's security posture
- Ensure compliance with regulatory requirements, including statutory reporting to the Cyber Security Agency of Singapore (CSA) and the Ministry of Education (MOE)
- Provide detailed reporting to SIT management on IT security initiatives, scans and incidents
Requirements
- Bachelor's degree in Computer Science, Information Technology or equivalent
- Minimum 6 years of experience in Information and Cyber Security
- Good knowledge and experience with cloud security across Microsoft Azure, AWS, Microsoft 365 and SaaS environments
- Solid understanding of security standards and frameworks such as NIST CSF, ISO27001, ISO27005, MTCS, CSA Security-by-Design (SB), and PDPA is essential
- Experience and knowledge of technologies such as EDR/XDR, DAM, MDM, Microsoft AIP, VMS, CASB, SWG, SASE, ZTA, PAM, IAM, MFA, NAC, Red Teaming are highly desirable
- Familiarity with Government IM, ISO31000 and PCI-DSS is desirable
- Professional certificates such as CISSP, CISA, CISM, CREST, CEH, or CHFI are advantageous
- Strong analytical and problem-solving skills
- Excellent written and verbal communication skills, with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
- Positive attitude and strong team player