Security Architecture & Consultancy • Provide security input to solution deployments to help ensure that solutions deployed, and corresponding information assets, are aligned with our security strategy • Provide technical advice on information security best practices and offer strategic and tactical security guidance including the evaluation and implementation of technical security controls • Conduct information security assessments using industry accepted best practices and approaches to support PUB business goals and objectives • Spearhead the architecture of OT systems following NIST, ISA99 and IEC-62443 standards • Provide security design recommendations for cybersecurity architecture and solutions • Maintain an up-to-date understanding of emerging trends in security solutions and apply new techniques to PUB’s cybersecurity architecture • Perform controls reviews and system assessments to develop risk profiles for IT/OT systems and evaluate the efficiency and effectiveness of the IT/OT control environment • Assist in the evaluation and development of systems security across the enterprise with an emphasis on detecting, responding and preventing cyber incidents • Prepare and present security design and architectural review reports to system owners, business units, and other Technical Policies, Standards, Guidelines, SOP • Develop and maintain information security policies, standards and procedures in accordance with best practices and regulatory requirements from CSA and GovTech • Perform processes and subordinate procedures to eliminate/reduce exploitation of critical IT/OT systems • Collaborate with key stakeholders to develop, implement, and document procedures that meet defined policies and standards for information security management Risk, Vulnerability Assessment & Penetration Testing • Conduct assessment and testing of IT and OT systems to ensure ongoing adherence with prevailing cybersecurity policies, processes and standards, and to determine the operating effectiveness of the controls implemented • Evaluate cybersecurity risk in context of business environment and industry requirements • Lead information security risk management activities to identify, evaluate, and address security threats or significant vulnerabilities • Undertake computing environment vulnerability corrections for the OT systems in PUB plants, networks and operations centres as well as IT systems in PUB Data Centre and Government Commercial and Private Cloud • Coordinate and schedule with the operations department the conduct of the annual risk assessment, vulnerability assessment, penetration testing and security compliance audit for all PUB plants, networks and operations centres • Manage the approval and engagement of external cybersecurity consultants and auditors to undertake the annual risk assessment, vulnerability assessment, penetration testing and security compliance audit for all PUB plants, networks and operations centres as well as IT systems in PUB Data Centre and Government Commercial and Private Cloud • Oversee the administration of the external consultants and auditors in risk & vulnerability assessment, and compliance audit

• Educational Qualifications: o Bachelor’s degree in Computer Science, Information Security, Electrical Engineering Engineering or a related field. o Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or equivalent are highly desirable. • Experience: o Experience in conducting vulnerability assessments and penetration testing for IT and/or OT systems. o Familiarity with security architecture and consultancy, with the ability to provide input on solutions and technical security controls. o Experience in spearheading the architecture of OT systems following NIST, ISA99, and IEC-62443 standards. o Prior experience in developing and maintaining information security policies, standards, and procedures. • Technical Skills: o Strong or good understanding of cybersecurity principles, IT and OT security best practices, and regulatory requirements from CSA and GovTech. o Proficiency in using industry-standard security tools and technologies for vulnerability assessment and penetration testing. o Knowledge of risk management activities, including the ability to identify, evaluate, and address security threats or vulnerabilities. o Ability to perform controls reviews and system assessments to develop risk profiles and evaluate the efficiency and effectiveness of the control environment. • Responsibilities: o Conduct comprehensive assessments and testing to ensure adherence to cybersecurity policies, processes, and standards. o Evaluate cybersecurity risk within the business environment and industry requirements. o Lead security risk management activities and undertake vulnerability corrections for OT and IT systems. o Coordinate and manage the annual risk assessment, vulnerability assessment, penetration testing, and security compliance audit. o Oversee the administration of external consultants and auditors in risk & vulnerability assessment, and compliance audit. • Soft Skills: o Good analytical and problem-solving skills. o Good communication and presentation skills, with the ability to prepare and present security design and architectural review reports. o Ability to collaborate effectively with key stakeholders and work as part of a team. o Project management skills and the ability to manage the approval and engagement of external cybersecurity consultants and auditors. • Other Requirements: o Must be willing to stay updated with emerging trends in security solutions and apply new techniques to enhance cybersecurity architecture. o Availability to coordinate with various departments for the scheduling and conduct of security assessments and audits.

PUB is an organisation that is recognised internationally for good water management. PUB won the 2007 Stockholm Industry Water Award and was named Water Agency of the Year 2006 in the international Global Water Awards. In 2008, PUB was awarded the Singapore Quality Award for business excellence. NEWater, Singapore's high-quality reclaimed water, also clinched the 'Environmental Contribution of the Year' at the Global Water Awards 2008. At PUB, the national water agency, you will enjoy opportunities to build a clear future for the water industry.