The successful candidate will be assigned to work in one of the various pillars in the division such as “Home Team”, “Systems of National Interests”, “Government Central System - Operationalising (GCS-Ops)”.
Lead a team of senior consultants, consultants and system engineers to provide cybersecurity consultancy through evaluating the risk assessment, security design review and plan and review security testing of Home Team/ GCS-Ops/ NI ICT/OT systems so as to ensure that the Home Team/ NI ICT/OT system is well protected while System owner accepts justifiable risk levels.

Assistant Director (Home Team/Systems of National Interests/ GCS), CSPC
Cyber Security Agency of Singapore
Contract
Closing on 31 May 2025
What the role is
What you will be working on
Perform the risk assessment for Home Team/ GCS-Ops/ NI ICT/OT systems to ensure it is well protected and justify the risks to the System owner for risk acceptance
• Collaborate with system owners and project team to understand the business and system requirements so that you can analyse and identify the cyber and physical threats and formulate the relevant project-specific scenarios and potential risks.
• Propose people, process and technology (PPT) cybersecurity mitigation controls on the completed TRA Template and project-specific scenarios.
• Justify the residual risks level for acceptance and approval by the designated approving authority.
Review the security design of Home Team/ GCS-Ops/ NI ICT/OT systems to identify areas of weaknesses and recommend security solution or controls to mitigate against highlighted threats.
• Identify, assess and review cybersecurity solutions to secure Home Team/ GCS-Ops/ NI ICT/OT networks and systems.
• Collaborate with system owners and project team to review and provide advice on the final proposed security design and mitigation controls.
• Collaborate with system owners and project team to identify additional risks due to deviations in the final proposed security design and propose mitigation controls
Review security testing scopes and plans that validate and verify the security design of the Home Team/ GCS-Ops/ NI ICT/OT systems.
• Review vendor’s system security testing proposals and Penetration Test (PT) plans and if needed, insert or counter propose test plans and test cases to make sure the security testing is comprehensive.
• Review and provide advice to system owners and project team on the conduct of system security testing and PT.
• Serves as controller to verify the execution of the system security testing and PT.
• Assess and provide advice, identify risks and propose remediation measures on the findings and recommendations from the system security testing and PT reports
Optimise cybersecurity consultancy practices for effectiveness and efficiency of Home Team/ GCS-Ops/ NI ICT/OT systems.
• Develop security reference architectures and threat reference models to optimise consultancy effectiveness and efficiencies.
• Work with team members to develop, operate and publish the security reference architectures and threat reference models.
• Enforce approved security reference architecture and threat reference models during cybersecurity consultancy.
• Analyse lessons learned from consultancy works and incorporate areas of improvement to enhance Consultancy Models, security reference architecture and threat reference models
Manage the project’s security deliverables while adhering to the overall system timeline
• Track the progress of project and collaborates with project management team to manage the schedule for the security team to ensure timely delivery
Manage Team Capability Development
• Managed Team esprit de corps, professional and personal developments
• Develop training plans for the team based on competency framework i.e. RTEC (Raise + Train + Evaluate = Capability) Framework.
• Identify suitable training programmes/events/seminars for each team role to associate the required capability in dealing with ever-changing cybersecurity threats landscape.
• Monitor training budget allocated and provide updates to management when required.
• Establish processes for Knowledge Management for purpose of cybersecurity consultancy knowledge sharing and retentions
What we are looking for
• Bachelor Degree in Information Communication Technology-related discipline
(Cybersecurity, Information Security, Information Technology, Computer Science, Management Information Systems), Science or Engineering etc.
• Professional qualifications such as CISSP, SANS, CISA, CRISC or equivalent
• At least 10 to 15 years relevant working experience and at least 7 to 10 years of supervisory experience to manage, work and collaborate with various parties including stakeholders system owners, teammates and contractors
• Good understanding and interest in cybersecurity
• Technically hands-on and curious about inner workings of technology
• Strong analytical and conceptualisation skills
• Good communications and interpersonal relationship skills, stakeholder management
• Driven and capable to work independently. Resourceful, responsible, motivated and able to work independently as well as in a team
If you share our passion to make a difference in the cyber security landscape, take up the challenge and apply now.
All applicants will be notified of whether they are shortlisted or not within four weeks of the closing date of this job posting.
For any issues with the application, you may drop your resume with us at csa_recruit@csa.gov.sg.
Note: CSA will be shifting to Punggol Digital District (PDD) in year 2026
About Cyber Security Agency of Singapore
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg