The Legal Technology Transformation Office (LTTO) is a division within MinLaw’s Legal Industry Group that develops strategies and implements initiatives to strengthen Singapore’s status as a global legal services hub through technology. LTTO coordinates and drives legaltech efforts across the legal services sector. You will be part of the team that works with the Legal Industry Division, Professional Services Programme Office, Legal Services Regulatory Authority and other internal and external stakeholders to chart the future of legaltech adoption and innovation, and strengthen cyber security and data protection in Singapore’s legal services sector. We are seeking an officer with expertise with cybersecurity and data protection expertise to develop and lead initiatives to strengthen cyber security and data protection in Singapore’s legal services sector. The officer will work with the relevant organisations to spearhead the development of risk management strategies, formulate security guidelines, and conduct gap analyses to support cybersecurity and data protection practices in the legal sector. Key responsibilities include overseeing industry security posture through audits and inspections, maintaining risk registers, driving improvement initiatives, designing and implementing competency-building programmes for the legal sector, coordinating incident response efforts, and liaising with the relevant organisations during investigations. Additionally, the officer is also responsible for developing cyber security and data protection awareness and certification programmes for the legal sector, while ensuring alignment with industry best practices, including PDPC and CSA standards. This position requires a strategic thinker with good leadership and influencing skills, as well as the capability to elevate the cybersecurity and data protection maturity of Singapore’s legal services sector.

You will collaborate with various stakeholders (including management teams, project teams, external partners and vendors) in the following areas: 1. Policy Development • Spearhead the formulation of risk management strategies, frameworks, policies, and processes for MinLaw's Legal Industry Group to govern the cybersecurity and data protection posture of the legal services sector. • Develop and maintain relevant cybersecurity and data protection guidelines, advisories, and self-assessment checklists for the law practice entities. 2. Risk Assessment and Gap Analysis • Conduct gap analyses to identify cybersecurity and data protection risks within the legal sector. • Evaluate the law practice entities’ ICT security posture and maturity levels against industry standards (e.g., PDPC, CSA checklists). • Ensure all guidelines and advisories remain current with industry best practices through regular reviews and updates. 3. Governance and Compliance • Oversee the security posture of the legal services sector through on-site inspections and management of independent audits. • Review audit reports and lead the implementation of remediation and improvement initiatives. • Maintain a comprehensive Security Risk Register to track waivers, risk acceptance, and corrective action plans. 4. Management Support and Capacity Building • Assist with the management of cybersecurity and data protection matters, including work plan approval, resource allocation, and risk acceptance decisions. • Develop and implement programmes to enhance cybersecurity and data protection competencies of MinLaw’s Legal Industry Group and the relevant regulatory divsions. 5. Incident Response and Management • Design and conduct security incident response workshops and exercises, including table-top simulations and drills. • Provide expert guidance on handling cyber and data incidents reported by law practice entities. • Oversee incident investigations, coordinating with relevant government agencies and enforcement bodies as necessary. 6. Awareness and Education • Develop and drive cybersecurity and data protection awareness programmes and educational initiatives for the law practice entities. • Lead seminars and workshops to promote best practices in cybersecurity and data protection. 7. Certification and Standards • Advise on guiding the law practice entities towards obtaining the relevant cybersecurity and data protection certifications. • Stay abreast of evolving industry standards and certification requirements. 8. Stakeholder Management • Liaise effectively with internal divisions, law practice entities, government agencies, and other relevant stakeholders. • Foster a culture of cybersecurity awareness and compliance across all levels of the organisation and the legal services sector.

*Key Competencies* • [Systems Thinking]: Connect issues with larger system and identify inter-dependencies across issues/ domains/ agencies • [Deep Critical Thinking]: Distil critical issues and sense-make from a wide range of information, arriving at effective policy solutions • [Co-create and Co-deliver with External Stakeholders]: Mobilize citizens and stakeholder to co-create and co-deliver solutions to policy issues *Work Experience/Personal Traits* 1. Strong analytical skills to distil complex issues and synthesise various policy objectives. 2. Domain knowledge and compliance requirements in the legal service sector. 3. Strong planning and executional abilities to oversee multiple projects. 4. Strong interpersonal skills and ability to influence and collaborate with multiple stakeholders. 5. Ability to innovate and be creative in problem-solving. 6. Ability to work well independently as well as in a team. 7. Excellent verbal and written communication skills. 8. Qualification or experience in cybersecurity and data protection, e.g.: • Professional certifications such as CISSP, CCSP, CISM, or CISA. • Certified Information Privacy Manager (CIPM) or equivalent. • Certified Information Privacy Professional/Asia (CIPP/A) or equivalent, or IMDA-accredited certifications for Data Protection Officer (DPO). • Management experience as a DPO. • Expertise in ICT operations, security policies, and business processes. • In-depth knowledge of Singapore's Personal Data Protection Act (PDPA) and its practical application. • Proven track record in helping organisation obtaining Cybersecurity Essentials Mark (CEM) and Cybersecurity Trust Mark (CTM) certifications. • Proven ability to evaluate control effectiveness and recommend mitigation strategies for on-premises and cloud-based cybersecurity and data security issues. 9. Prior experience in Singapore’s legal industry (law firm, legaltech firm, law-related organisations) would be an advantage. Successful candidates will be offered a 1-year contract in the first instance, subject to renewal. #LI-SW1

In Singapore, having the rule of law and advancing people’s access to justice are not just lofty ideals but the backbone of a functioning and a progressive society. At the Ministry of Law, not only do we contribute to developing the legal frameworks and policies that uphold our way of life, but also to providing community legal services that Singaporeans benefit from. The key policies we oversee include Singapore’s legal and intellectual property infrastructure, the civil and criminal justice systems as well as land resources. Our officers are experts from different fields, and enjoy an excellent and challenging career in a fast-paced environment with plenty of opportunity to grow. If you share our vision of shaping the future of Singapore, you will definitely fit right in here at MinLaw.