Lead, Cloud Security COE, Singapore

Be a Part of Something BIG! This role will report to the Director of Cloud Security COE and is expected to lead in cloud security standards and best practices, advocate cloud security reference architectures, drive compliance and security monitoring, and engage stakeholders and partners to improve the cloud security posture in Singtel. As Singtel has subscribed to multiple cloud service providers, functional leadership is needed to manage cloud security risks and identify/maintain cost-effective security solutions to monitor and remediate cybersecurity risks. This role will also advocate alignment of cloud security technologies/solutions and processes across different BUs within Singtel SG and if needed, support similar efforts across OpCos and affiliates.

• Drive governance oversight and processes for cloud security compliance, best practices and risk management.
• Provide cloud security advisory, design, engineering (including automation) and ops support for cloud security technology stacks.
• Guide stakeholders during security escalation/incidents in the clouds and educate stakeholders on cloud security awareness and management reporting.
• Support management reporting cloud security risks, remediation plans, and security metrics.
• Drive cost-effective and streamlined operation of in-scope cloud security technology stacks.
• Engage with multiple E level stakeholders (e.g., Enterprise Architecture, Enterprise Platform, TI, Consumer Business, Enterprise Business, Enterprise IT, Corp Systems etc) having varied set of cloud security awareness, business considerations, priorities and risks.
• Keep abreast with new emerging cybersecurity/cloud trends, risks and incidents, and regulatory requirements affecting Singtel.
• Regularly review and learn from historical events, outside-in lessons and thematic analysis, and drive improvement plans. Consistently look forward and be proactive in identifying improvements to futureproof existing cloud security controls.

• Bachelor degree in Cybersecurity, Information Security, Computer Science or equivalent technical degree.
• Professional certifications like CISSP, CISM, CISA, CCSP, CRISC, GCIH or OSCP will be preferred.
• At least 8 Years or more Cybersecurity risk assessment and risk reduction initiatives.
• Application, infrastructure, cloud and cybersecurity technologies including CNAPP, DevSecOps, containers.
• Application/network vulnerability assessment and validation.
• Regulatory requirements, security standards, and best practices pertaining to cybersecurity and cloud risk management.
• MITRE frameworks, threat modelling, assessment, and hunting.
• Security operations, especially security incident handling.
• Cloud architecture, design, implementation, and operation.
• Hands-on experience in system integrations and any of the abovementioned requirements will be preferred.
• CSP-specific professional certifications from AWS, Azure, Google will also be advantageous.
• Project/Programme Management.
• Experience in conducting audit or assurance testing.
• Experience in conducting thematic analysis.