• Lead and execute ACRA’s digital governance, IT risk management and compliance, ensuring alignment with Whole-of-Government (WOG) directives and industry best practices.
• Serve as ACRA’s appointed Security Incident Response Officer (SIRO): proactively report all confirmed or suspected cybersecurity incidents, gather evidence for and assess the impact and severity of each incident, escalate incidents to relevant authorities, determine appropriate containment and corrective actions, track and coordinate incident responses, and submit incident reports, updates and post-incident inquiry reports.
• Develop, review and maintain IT and data governance policies, standards and processes to ensure adherence to the Government Instruction Manual for ICT & Smart Systems (ICT&SS).
• Drive continuous improvement initiatives for digital governance and operational efficiency, introducing new processes, platforms, or controls where necessary.
• Partner with IT and business teams to assess security risks for all new projects and ensure mitigation plans are embedded before deployment to production.
• Lead the implementation of cost-effective IT security and data protection solutions to address governance gaps and emerging threats.
• Educate staff and vendors on digital governance policies and cybersecurity awareness through workshops, phishing exercises and sharing sessions to enhance vigilance.
• Coordinate with central governance teams and external vendors to report, track and close digital governance gaps, meeting KPIs and audit requirements.
• Act as an internal independent reviewer to validate IT systems, controls and data projects, ensuring compliance and readiness for production release.
• Develop and drive the execution roadmap for enterprise information and security governance, securing stakeholder buy-in and ensuring alignment with ACRA’s objectives.