#SGUnitedJobs Agency Chief Information Security Officer (ACISO)

  • Job Category
    Information Technology, Public / Civil Service
  • Job level
    Middle Management
  • Contract type
    Full Time

Job Description

The appointed Agency Chief Information Security Officer (ACISO) will oversee infocomm security management and the enhancement of infocomm security capabilities in the Agency, so that security is well considered in ICT and digitalisation matters, in alignment with established policies and standards.
As ACISO, you will be responsible for the planning, development and implementation of information security strategies and related policies. You are also required to follow, implement and refine organisational security policies and best practices in line with regulatory requirements and Whole-of-Government (WOG) directions. 
What to Expect:
  • Provide leadership within the information security sphere through the development of appropriate cyber security strategies and action plans
  • Obtain executive support and formulate information security goals and establish policies, standards and procedures in line with WOG cyber security directions 
  • Provide security governance, enforcing cyber security risk assessment and risk acceptance from stakeholders 
  • Ensure cyber security compliance with WOG policies and standards
  • Review, endorse and develop risk management and mitigation plans
  • Advise on the appropriate cyber security solutions and technologies to be deployed
  • Develop security awareness programmes and define processes for Threat and Incident Management
  • Plan, design and conduct security incident response workshops and exercises (e.g. table-top exercises, simulation, drills)
  • Advise on and ensure a secure ICT development life cycle, security controls implementation and asset management
  • Align IT needs with the strategic cyber security direction of WOG
How to Succeed:
  • Degree in Computer Science, Information Systems, Engineering or equivalent
  • Strong interpersonal and stakeholder management skills
  • Ability to work with cross-functional, multi-disciplinary teams to formulate, institute and monitor security policies and procedures
  • At least 8 years of management experience related to information security and working knowledge of ICT operations, security policies and procedures
  • Good understanding of both IT and business processes, and the relationship between them
  • Preferably holding ‘Certified Information Systems Security Professional’ (CISSP), ‘Certified Information Systems Auditor’ (CISA) or ‘Certified Information Security Manager’ (CISM) certifications

Closing on 24 May 2021