Overview

This role will be working in the Defence and Resilience branch of the Cybersecurity Department. Threat can be unlimited. It is the ability to anticipate, withstand, respond, and evolve that defines the resilience of a company. Building cyber resilience and defence is a strategically important function within Temasek. The implementation of an effective and comprehensive cybersecurity resilience plan and strategy will enable Temasek to be better prepared during a crisis, ensuring prompt recovery and business continuity.

You will play a critical role of developing and executing a comprehensive cyber resilience programme and establish dynamic platforms for the firm to enable effective incident management, cyber centre of excellence, cyber awareness and education, and vulnerability detection.

Roles & Responsibilities

The SA Cybersecurity Defence and Resilience role will support the CISO in uplifting Temasek's cybersecurity resilience through development and execution of an effective cyber resilience programme and establishment of new/advanced cyber capabilities to strengthen cyber awareness, enhance cyber readiness and build incident response capability, thus driving a culture of cyber resilience across Temasek and its ecosystem.

Work closely with the CISO to drive the development and execution of an effective cyber resilience programme to support Temasek's mission and vision as the organization undergoes increasing digitisation in the face of evolving threats
Carry out independent review and analysis of cyber threats, alerts, potential gaps and vulnerabilities
Work closely with the CISO, senior management and business units to organize and run regular cyber exercises and workshops to strengthen crisis communications and incident response, management, and recovery
Work closely with the CISO and appointed consultants/vendors/providers to support the cyber engineering of threat detection capabilities and fine-tuning of existing cyber use cases
Engage service providers, business partners, and internal stakeholders to plan, evaluate and conduct IT security testing activities and cyber exercises in a timely, secure, and safe manner
Introduce engagement forums, community of practices and cyber awareness campaigns including conduct of simulated phishing exercises with internal and external stakeholders to uplift cyber awareness, readiness, and vigilance across Temasek and its ecosystem
Work closely with Business Units and Tech department to review the effectiveness and adequacies of current business continuity plans, disaster recovery plans, playbooks, backups, and redundancies as well as availability of resources to support a cyber crisis
Support CISO in the triage, response and management of potential or confirmed cyber incidents, critical vulnerabilities/gaps, and carry out after action reviews and investigation, following a resolution of a cyber incident
Support the establishment of framework and indicators in accordance with overall cyber strategy to continuously assess and measure the cyber resilience profile of Temasek and its ecosystem
Support conduct of engagement with internal and external stakeholders to enhance overall cyber resilience of Temasek and its ecosystem

Requirements

Minimum 4 years of relevant information security operations, cyber engineering, threat analysis and/or risk management experience with at least 1 - 2 years in managing cyber security operations, conducting cyber threat analysis, threat hunting, IT security testing, and/or incident response
Bachelor's degree in in engineering, information technology/security, cybersecurity, and related field. Professional information security certifications such as CISSP is an advantage
Possess strong cyber technical background with hands-on experience in cyber threat analysis, incident management, IT security testing and security operations. Prior experience in conducting red-teaming, vulnerability assessment, forensic investigation, and penetrating testing as well as organisation wide table-top exercise will be an advantage
Capable of articulating IT security and technical issues in a clear and actionable manner that highlights business risk context for the leadership
Meaningful executive presence and influencing skills
Highly agile and possess strong cyber domain knowledge across multiple areas (such as SOC/MSS, network, application and infrastructure security, data & information protection, supply chain security, and cloud computing security) and has knowledge of cyber regulation and compliance
Strong communication, interpersonal and leadership skills, with proven ability to manage multiple priorities, drive teams and collaborate across business units and partners to achieve desired end-goals

Soft Skills

Possess an inquisitive, structured, and logical mind to drive end-to-end strategy development and implementation
Strong analytical and problem-solving abilities
Excellent cross-group and interpersonal skills, with the ability to communicate with technical and non-technical teams
Ability to lead as well as work independently to organize, manage, conduct and complete projects
Excellent communication, presentation, and advisory skills, capable of engaging senior stakeholders