Assistant Director (Cybersecurity), CDD

At MSE and our family of agencies – PUB, NEA, and SFA – we drive sustainability and resilience initiatives that improve the everyday lives of Singaporeans. As part of the MSE Family, you will be at the forefront of innovation, leading efforts to safeguard water resources, protect public health, and ensure food safety. Through partnerships across sectors, we tackle evolving challenges while fostering an inclusive, safe, and supportive workplace. Join us in shaping Singapore’s sustainable future and making a lasting impact on the everyday lives of generations to come.

Security Assessment & Review • Review application system security specifications, security design adequacy and controls • Familiar with Threat Risk Assessments and Zero Trust security and design would be advantageous. • Conduct threat modelling (e.g. attack centric.,. etc.) using methodologies such as STRIDE or PASTA. • Review security reports including VAPT, source code analysis and System Security Acceptance Test (SSAT) reports to assess effectiveness and identify systemic issues Security Operations, Monitoring and Reporting • Monitor and analyse MSE GCSOC security events and alerts from cloud and on-premises environments. • Review VMS and ASM reports and escalate to relevant parties where necessary. • Support threat intelligence TTPs (Tactics, Techniques and Procedures), emerging threat analysis, and vulnerability notification activities to relevant stakeholders. • Work with GovTech Operation and Incident Response teams on alerts and incident activities • Analyse Data Loss Prevention and Phishing Exercise reports and provide assessment. • Prepare Cybersecurity Scorecard Reports and support Cyber Awareness program. Incident Response • Support the Agency CISO in executing comprehensive incident response across all phases: detection, analysis, containment, eradication and recovery • Collaborate with Product Managers to ensure thorough risk and threat assessments are conducted and analysed, appropriate controls are established, and residual risks are maintained at acceptable levels. • Review Incident Management Plan and support in organizing tabletop exercise and scenarios. Governance and Risk Management • Partner with Product/Project Managers to ensure risk and threat assessments are thoroughly conducted and analysed with appropriate controls and residual risk are acceptable. Stakeholder Management & Communication • Provide security consultation to project teams and stakeholders on security matters • Articulate cybersecurity risks, mitigation measures and residual risks clearly to stakeholders • Manage stakeholder relationships.

• Degree in Computer Science, Computer/Electronics Engineering, Information Technology or related disciplines • Minimum 5 years of IT security experience in Security Operations, Incident Management and Security Governance and Risk. • Security certifications (e.g. OSCP, CISSP, CISM, CCSP, Cloud Security related) are advantageous. • Possess strong interpersonal, written, verbal and presentation skills with the ability to communicate effectively across all organisational levels • Critical thinking and problem-solving capabilities would be a plus. • Knowledge and experience in IT security consultancy is a plus • Knowledge in IM8, System Security Plan Requirements and other international security standards (e.g NIST, ISO 27001, ISO 27017, CSA CCM, etc) would be advantageous. • Knowledge of security technologies including ASM, SIEM and SecOps (e.g. Google SecOps knowledge) • Understanding of security frameworks such as MITRE ATT&CK, Cyber Kill Chain, OWASP Top 10, CVE/CVSS, Etc). • Expertise in security domains including network security, cloud security and application security • Comfortable in providing security by design cloud and data security advice for system hosted in GCC and GCC+ on providers such as AWS and Microsoft. • Knowledge of security architecture concepts including network topology, protocols, Defence in Depth, Zero Trust Principles and security control implementation • Strong understanding of compliance frameworks and security standards.