Cyber Security Consultant

Key Responsibilities

1. Cyber Risk Management & Security Architecture

• Conduct cybersecurity risk assessments, perform cyber threat modeling, and translate findings into actionable business risks.
• Provide security design advisory across the System Development Lifecycle (SDLC) for internal projects and applications.
• Develop and implement risk management frameworks to safely enable the adoption of emerging technologies, particularly Artificial Intelligence (AI) and Generative AI tools.
• Perform cybersecurity reviews of network and system architectures to ensure compliance with internal standards.
• Translate security, privacy, and GRC requirements into actionable controls and implementation designs.
• Support the development of risk dashboards, reporting, and automation to monitor the organisation's security health systematically.

2. Cybersecurity & Data Protection Project Delivery

• Lead and manage the end-to-end delivery of key cybersecurity initiatives, including Data Classification, Data Loss Prevention (DLP) implementation, and Data Discovery/Inventory.
• Systematically manage project plans, timelines, dependencies, risks, and reporting, ensuring delivery on time, within scope, and to quality expectations.
• Contribute to continuous improvement by supporting proof-of-concepts (POCs) for new technologies and refining operational SOPs.

3. Security & Privacy Integration

• Champion Privacy-by-Design implementation (Bonus point skill) across systems and platforms, assisting in data flow mapping and the protection of sensitive data.
• Work closely with the Cyber Engineering Team to implement technical controls arising from Data Privacy Impact Assessments (DPIAs), risk assessments, and regulatory requirements (e.g., PDPA).
• Formulate and update enterprise security policies to address modern threat vectors, including acceptable AI usage guidelines, cloud security standards, and third-party risk management.

4. Stakeholder & Vendor Management

• Collaborate with infrastructure, application, and business teams to seamlessly onboard systems into security platforms without hindering business agility.
• Coordinate effectively with external vendors, system integrators, and Managed Security Service Providers (MSSPs).
• Build trust-based relationships with non-technical leadership, providing regular updates on project progress, risks, and issues.

Job Profile

Required Skills and Knowledge

Experience

• At least 5–8 years of progressive experience in cybersecurity, blending GRC, risk management, and hands-on project delivery within an enterprise environment.
• Demonstrated ability to systematically manage complex technical projects and lead cross-functional teams within a matrix environment, including coordinating effectively with MSSPs and external vendors. (Good to have)
• Strong command of emerging risks (such as AI, Cloud, and Third-Party Risk), coupled with up-to-date knowledge of evolving regulations and industry standards. (Good to have)

Technical Skills

• Hands-on experience with initiating, performing cybersecurity risk assessments, treating and managing cybersecurity risks at system and enterprise level.
• Good understanding of:
• Network, systems, and cloud architecture
• Security concepts (least privilege, encryption, data protection)
• Ability to translate business/security requirements into technical implementation

Knowledge

• Familiarity with Singapore regulatory requirements such as:
• PDPA
• Cybersecurity Code of Practice (CCoP)
• Familiarity with AI security frameworks (e.g., NIST AI RMF) and cloud security best practices (e.g., CSA CCM) is highly advantageous. (Good to have)
• Deep and practical familiarity of cybersecurity frameworks: (Good to have)
• ISO 27001
• NIST CSF 2.0
• MITRE ATT&CK Framework

Certifications (At least one or more is preferred)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control) (Good to have)
• CCSK (Certificate of Cloud Security Knowledge) (Good to have)
• CCSP (Certified Cloud Security Professional) (Good to have)
• AWS Certified Solutions Architect – Associate (Good to have)
• AWS Certified Security – Specialty (Good to have)
• CDPSE / CIPP/A (for privacy-related work) (Good to have)
• PMP (Project Management Professional) (Good to have)