Responsibilities:

Vulnerability Management and Penetration Testing

• Carry out scoping activities to identify systems components which require testing.

• Define and translate requirements into test plans, scenarios, scripts or procedures.

• Conduct VAPT, black box and code reviews, and reverse engineering.

• Perform on-site security assessments of infrastructure components and computer systems.

• Propose recommendations for continuous improvement of testing processes and methodologies.

• Identify emerging security and risk management trends, issues, and alerts in VAPT activities.

• Prepare reports on VAPT results based on established guidelines.

• Provide inputs on security penetration testing in the development of software and applications.

• Review software designs, source codes and deployment to address cyber security issues.

• Maintain repositories for certification documentation and modifications.

Risk Management Assurance

• Identifying, analysing and proposing Cyber Security Risk Mitigation measures.

• Assist in managing Cyber Security Risk Posture and tracking of Cyber Security Risk Deviation.

• Review IT implementation alignment in accordance with Cyber Security Policies,

• Participate in NTU’s Cyber Security Governance efforts.

Project Management

• Implement realistic project plans based on the understanding of project objectives and project scope.

• Utilise appropriate methods and tools to track and drive progress of project against set plans and timelines.

• Identify risks to the success of projects and take appropriate actions to manage them.

• Collaborate effectively with relevant internal and external stakeholders directly impacting the project.

• Track project deliverables against project schedules, monitor costs, timescales and resources used and take basic corrective actions in case of misalignment.

Stakeholder Management

• Conduct stakeholder mapping to identify facets and nature of relationships with and between stakeholders.

• Manage stakeholders' expectations and needs, based on the organisation's position and resources.

• Articulate each stakeholder's role and responsibilities.

• Serve as the organisation's main contact point or representative for communicating with stakeholders, addressing queries, and providing clarifications.

• Represent the company's interests when interacting with stakeholders.

• Engage stakeholders regularly to set and align expectations and activities as well as to exchange feedback.

• Coordinate partnerships with external stakeholders.

• Maintain communication channels with inter-organizational stakeholders and partners.

Requirements:

• Tertiary/Degree qualification in Computer Science/Information Technology or related discipline

• At least 2-3 years of relevant working experience. Experienced candidate shall be considered for more senior role.

• Experience in managing the implementation of cyber security projects, initiatives, and operationalize processes in concert with the relevant stakeholders and teams.

• Experience in managing vulnerability management tools and Penetration testing vendors.

• Strong understanding of cyber security architecture principles, applicable to perimeter defences, emerging cyber threats, public Cloud, etc.

• Good understanding and knowledge of network and security technologies including Cloud based technologies

• Good understanding and knowledge of ISMS (ISO 27001) and Cyber Security Risk Management.

• Professional Credential in CISSP, CISM will be advantageous.

• Strong documentation, presentation skills and good communication skills.

• Independent and able to perform tasks with minimum supervision.

• Passionate about Cyber Security and emerging technologies trend.