Senior/Asst Dir, Cyber Crisis Preparedness, Technology and Logistics Policy Div

We are seeking a motivated Senior Assistant Director, Cyber Crisis Preparedness to play a critical role in enhancing MHA's resilience against evolving cyber threats. In an increasingly dynamic cyber landscape, this role is critical to ensuring our ability to effectively respond to and recover from cyber crises. Reporting to the Deputy Director (Cyber Readiness & Crisis Preparedness), you will be tasked to evolve our crisis preparedness and enhance MHA’s ability to respond effectively and recover quickly from any form of cyber crisis. • Emerging Threat Trend Analysis: Work with Subject Matter Experts (SMEs) within government agencies (e.g. HTX, GovTech and CSA) and/or with external parties (e.g. third-party vendors) to determine the threat landscape. • Strategize the Cyber Crisis Preparedness: Determine current cyber preparedness posture, identify mismatch between threats and preparedness, clarify assumptions and aspects of preparedness and formulate the strategy to enhance the MHA’s cyber preparedness. • Strategize the Response & Recovery Plan: Design and maintain adaptive response playbooks and recovery procedures. E.g. develop strategies for various cyber scenarios (e.g. ransomware), supply chain attacks and advanced persistent threats (APTs). Establish robust backup verification and restoration protocols. • Coordination during Cyber Crisis: Step up to coordinate with respective key appointment holders during severe or prolonged and/or sustained cyber crisis. Expected to work with other counterparts to provide updates to the MHA’s senior management in times of cyber crisis. • Post-Crisis Review & Remediation: Work with incident response team to provide comprehensive post-incident reviews for all significant cyber security incidents, specifically focusing on the efficacy of crisis management, communication, and recovery efforts. Drive the implementation of critical lessons learned and remediation plans to prevent recurrence and enhance future response.

The principal accountabilities of the jobholder include (but not limited to): • Coordinate with HTDs and HTX to ensure timely reporting of all governance matters (e.g. CCoP, IM8 & MHA policies, NIDAS findings, Cyber Exercise findings) including periodic updates as well as ad hoc requests from various authorities. • Coordinate with HTDs and HTX on the conduct of annual cybersecurity risk assessment mandated by Cybersecurity Act. • Perform risk assessment on issues, especially in cases of non-compliance or deviations. • Coordinate with HTDs and HTX to provide proactive updates on compliance and health status to MHA senior management. • Coordinate all matters in the Security & Emergency (S&E) Sector helmed by MHA under the Cybersecurity Act e.g. designation of CIIs, determination of CII boundary exercise, notification of material change, collate, update and submit CII information records to CSA, reclassification of CIIs from ICT to OT or vice versa. • Participate in deliberations on cybersecurity matters with HTDs and CSA e.g. SingHealth COI Recommendations, ICS guideline consultations. This is to influence the requirements arising from such deliberations so that the requirements are not too onerous for HTDs to fulfil. • Participate and coordinates in CSA’s initiatives e.g. CSA organised national and sector level Cyber Exercises, CII Preparedness Committee meetings, OTCEP forum, workshops, Minister’s sector visit. • Maintain S&E Sector’s Cyber Defence Plan and Sectoral Threat Profile that provides a holistic picture of S&E Sector in terms of the core mission, cyber ecosystem, risks and challenges faced, development plans to boost cybersecurity capabilities, capabilities & processes that S&E Sector has in place.

• Tertiary qualification in computer science, computer engineering or equivalent, preferably with a major in cybersecurity. • Professional certifications such as CISSP, CISM would be advantageous. • Preferably at least 8 years of working experience, with at least 3 years in a cybersecurity and/or policy governance role. • Familiarity and experience with the CS Act, CCoP and public sector policies would be a bonus. Personal Characteristics & Behaviour: • Able to work independently as well as a good team player. • Good interpersonal skills and negotiation skills. • Able to work within tight deadlines. All new hires are appointed on a two-year contract in the first instance and will be assessed and considered for permanent tenure over time, based on performance. As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment. All applicants will be updated on the status of their applications within 4 weeks upon closing of the advertisement. #LI-NL1