Governance, Risk and Compliance (GRC)
• Develop and promote a culture of technology risk governance and management across the organisation, ensuring proper accountability in managing, tracking, and reporting technology and cyber risks
• Provide subject matter expertise to internal stakeholders on cybersecurity requirements, including compliance with MAS internal policies and standards, as well as policies from GovTech and Cyber Security Agency of Singapore
• Review and establish ICT policies and process controls, conducting regular compliance checks to ensure adherence
• Track and monitor technology projects and initiatives to meet compliance requirements, including Key Risk Indicators and Control Self-Assessment as part of the technology governance framework
• Monitor incident reporting processes, reviewing and reporting on corrective measures and improvement areas
• Participate in consultations and conduct gap analysis against new or revised regulatory requirements
• Assess and seek waiver approvals for deviations and develop risk treatment strategies
• Organise risk forums and monitor action plans, coordinate and facilitate IT and cybersecurity audits
• Track remediation plans to address audit findings and follow up on remediation actions with stakeholders, project managers, and application managers
Application Security
• Establish clear guidelines and best practices for secure coding, vulnerability management, and incident response across development teams
• Serve as Subject Matter Expert in application security for enterprise projects during development phases, providing information security consulting and recommendations
• Discover security vulnerabilities and devise mitigation strategies, reporting and resolving technical debt effectively
• Track and address security issues with timely remediation and patching processes
• Integrate security tools and processes into DevOps pipelines, automating security scans and tests
• Collaborate with developers and software teams to ensure security integration at every stage of software development
• Work with development teams to remediate application security vulnerabilities and prevent future incidents
• Implement and promote secure coding practices throughout the organisation
Strategic and Operational Excellence
• Recommend re-engineering and streamlining of processes to enhance control effectiveness
• Present management reporting to stakeholders with data analysis, trend identification, and strategic recommendations
• Enhance training materials and documentation in ICT risk management, developing case studies and best practices
• Stay updated on latest security threats, trends, and emerging technologies
• Identify opportunities for incorporating AI assistant tools into development processes and analyse efficacy of potential use cases
This integrated role ensures comprehensive security coverage from governance oversight through to technical implementation, creating a robust security posture across the organisation's technology landscape.