Cyber Security Agency of Singapore

Assistant Director (Cybersecurity Labelling Scheme & Common Criteria), CSEC

Contract

Closing on 31 Dec 2024

What the role is

To lead the operationalisation of the national certification and labelling schemes (Common Criteria for IT security products, Consumer Internet-of-Things, Medical Devices, etc.), which includes defining the policy and standards and conducting the security evaluation and labelling of products. Through these schemes, Consumers, Enterprises and Industry will have access to a wider pool of more secure devices. This will help to enable a safer and more secure cyberspace that underpins our national security, powers a digital economy, and protects our digital way of life, so that Singapore can capture the benefits of a more connected world safely.

What you will be working on

Responsibilities

National Certification and Labelling Scheme Body

• To operationalise and deliver the strategic outcomes for the schemes as set forth by CSA management, leading and guiding the team to execute the strategic direction, and to provide key inputs and insights on certain strategic decisions.
• To lead and guide the team on the establishment, enforcement, and identification of improvements for the national certification and labelling scheme body internal processes and systems to (i) be compliant with international standards for certification bodies (i.e., requirements of the Common Criteria Recognition Arrangement and ISO/IEC 17065 Requirements for Certification Body), and (ii) improve the consistency, efficiency, and lower turn-around time for the certification and labelling projects.
• To represent Singapore at the bi-annual international Common Criteria Recognition Arrangement Meetings, safeguarding Singapore’s interest, and to keep up with the latest revisions and requirements of the Common Criteria.
• To provide clarification of schemes’ requirements (through the publication of scheme interpretations, development of CLS assessment methodologies to ensure consistent and common understanding of the CLS requirements, internal application review guidelines, internal work instructions, peer coaching, etc.) on the security evaluation and assessment to ascertain whether a product is sufficiently secure and meets the requirements of the schemes.
• To develop new schemes to meet the demands of the ecosystem, while maintaining existing schemes (consumer IoT, medical devices, or based on emerging technologies), which requires work of the following nature:
  o Survey the technological landscape and provide recommendations on the key opportunities or demand from the ecosystem to set up new schemes to address emerging technology.
  o Explore and examine the applicability of key standards and provide recommendations for adoption/usage.
  o Collaborate with different stakeholders (government, industry, etc.) to incorporate different views and requirements.
• To formulate outreach strategies and engagement of partner nations to drive mutual recognition arrangements (MRA) of schemes with like-minded nations.
• To support international engagements such as keynote speeches and presentations at key international platforms and forums on the topics of labelling schemes and their related domains (i.e., consumer IoT, Medical Devices, Software, etc.), including discussions on international standards development work (security standards, labelling requirements, etc.).
• To support the planning and anticipation of the demands of labelling applications and to prioritise applications.
• To monitor the performance of Approved Testing Laboratories under the various schemes and their adherence to the scheme’s defined criteria, and to support the drafting and reviewing of the lab criteria.
• To review test reports from the Approved Testing Laboratories to ensure that the conclusions are consistent with the test evidence presented and that the scheme security evaluation/assessment methodology has been correctly applied.
• To ensure that the interests of all parties participating in scheme activities are given appropriate consideration and to arbitrate disputes arising in the context of the scheme.

Government, Industry, and Consumer Engagement

• To nurture and educate the users (public, clinicians, public/private healthcare institutions) to embrace the usage of the labelling scheme, to bring about a positive change in their mindset to be more cybersecurity conscious.
• To engage, nurture and educate the developers (aka manufacturers) to embrace and adopt cybersecurity in their devices, thus enabling them to better meet the requirements of the schemes and provide better secured devices and a wider pool of device categories.
• To contribute to the evaluator/certifier competency framework ISO 19896-3 standard at the ISO, provide training, engage and onboard more testing laboratories for the schemes to grow the Testing/Inspection/Certification industry in Singapore and provide more testing laboratories that the manufacturers can work with for the testing of their devices.
• To perform landscape studies and consumer surveys, as part of identifying key product categories and key potential industry partners to broaden the reach and effectiveness of the schemes.

Tools and Techniques for the Consumer IoT and Medical Devices, and other emerging areas

• To equip, operate and maintain the evaluation laboratory to facilitate security testing in the areas of consumer IoT and medical devices.
• To guide the team, as well as to perform research and development of new attack techniques to improve testing efficiency, as well as the survey of the landscape of developments within various technical domains. To explore other applicable emerging areas for CLS (mobile, software-as-a-service, artificial intelligence, etc.).

What we are looking for

Requirements

• Bachelor's degree in Computer Science, Information Systems, Mathematics, or relevant discipline.
• At least 7 to 10 years of experience working in the field of cybersecurity. Specialisation in Cybersecurity Testing is preferred.
• Professional Qualifications such as OSCP, CEH or equivalent certifications would be an advantage.
• Technically hands-on and curious about the inner workings of technology.
• Strong analytical and conceptualisation skills.
• Good communication and interpersonal relationship skills.
• Team player who is driven and capable of working independently. Resourceful, responsible, motivated and able to work independently as well as in a team.
• Creative, able to think out of the box.

If you share our passion to make a difference in the cyber security landscape, take up the challenge and apply now.

All applicants will be notified of whether they are shortlisted or not within four weeks of the closing date of this job posting. For any issues with the application, you may drop your resume with us at csa_recruit@csa.gov.sg.

Note: CSA will be shifting to Punggol Digital District (PDD) in year 2026.

About Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our National Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg