Log In

Don't have an account? Sign up now

Lost Password?

Sign Up

Password will be generated and sent to your email address.

I.T. & Communications

Snr Manager, Vendor Security Governance Permanent

Company description:

Singapore Telecommunication Pvt Ltd

Job description:

Job Summary

The position will be part of the Third-Party Risk Management (TPRM) team within Group Governance & Compliance (GGC) team.

The role of this position is to perform cyber security risk assessments on third parties in compliance with regulatory requirements and organizational policies. He/she would provide Cyber Security Risk Committees (CSRC) oversight on cyber security risks of Third-Party Service Providers (TPSPs).

The position will be responsible to work with Business Unit stakeholders, and update identified cybersecurity risks of TPSPs to them. He/she would provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.

KEY RESPONSIBILITIES

  1. Work with TPRM Associate Director to support the third-party security risk agenda of the Group CISO.
  2. Define, develop, introduce and/or enhance existing processes to mature Third-Party Risk Management Program.
  3. Execute the Third-Party Risk Management Program incorporating third-party cyber risk management process and cyber security assessment methodologies using industry standards to safeguard Singtel Group information assets against cyber threats and risks.
  4. Schedule, supervise and manage the cybersecurity risk assessment on Third-Party Service Providers (TPSPs).
  5. Perform cyber security assessments on TPSPs to provide Cyber Security Risk Committee (CSRC) oversight on cybersecurity risks of TPSPs.
  6. Communicate identified cybersecurity risks of TPSPs to Business Unit stakeholders and provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
  7. Monitor all identified cyber security risks of systems or services (operated or managed by TPSPs) to ensure they are addressed within agreed timelines and update the Business Owners periodically.
  8. Provide regular reporting to CSRC on security postures of TPSPs.
  9. Review the reports of TPSP assessments carried out by the team members and provide guidance to them for improve team performance.
  10. Provide assessment findings and risk trends of TPSPs to Policy & Awareness team for sharpening the standards and guidelines.
  11. Work with Group Legal, Risk and Procurement to ensure that TPSP Cybersecurity Risk Management Program remains relevant to each Business Units.

Major Challenges

  • Third-Party Risk Management Program has not been fully updated into the Procurement Process.
  • Ensure that identified risks are tracked and reported to the various stakeholders in a timely manner.
  • Communicating the potential impact of a technical risk as a financial or business risk to stakeholders / management.
  • Ensure that all risk assessments and treatment approach are implemented correctly to demonstrate due diligence in addressing the Cybersecurity Resiliency concerns.
  • Maintaining the currency of the central cybersecurity risk and remediation plan registry for the Business Units.
  • Stay abreast of Cybersecurity issues and regulatory changes affecting Singtel Group businesses.

Ideal Candidate should possess

• Bachelor Degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study

(Candidates without degree but has relevant experience will also be considered.)

  • Minimum 8 years of experience as an Information Security Professional
  • Experience working as part of an internal Audit, Governance and Compliance team.
  • Advanced understanding in the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
  • Advanced understanding in the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
  • Have exposure to other compliance audits such as PCI-DSS, SSSAE, ISO27K, SOX, and other information security framework
  • Professional security management certifications such as a Certified Information Systems Security professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred.
  • Minimum 2 years of practical experience in vendor security management is preferred
  • Experience using or administrating GRC solutions is preferred

Job Overview

  • Date Posted:
  • Location: Singapore
  • Job Title: Snr Manager, Vendor Security Governance
  • Hours: Full Timeh / week
Apply for job

Job Location