Title: Assistant Cyber Audit and Risk Assessment Manager
Job ID: 21799
Location: ST Engineering Jurong East Bui, SG
Description:
We are looking for an experienced and passionate cybersecurity professional with a strong background in cybersecurity audits and risk assessments focused on both Information Technology (IT) and Operational Technology (OT) environments. This role demands a keen eye for detail and a proactive approach to identifying vulnerabilities, ensuring compliance, and enhancing security postures in highly regulated and dynamic environments.
Key Responsibilities
- Provide expert professional services directly within customer environments, delivering end-to-end cybersecurity audit support and risk assessment engagements.
- Lead the planning, coordination, and execution of cybersecurity audits, working closely with client stakeholders to gather comprehensive audit evidence.
- Produce insightful, clear, and actionable reports, synthesising complex audit findings into recommendations that inform clients' cybersecurity strategies.
- Implement Security-by-Design principles to ensure new and existing systems uphold robust security standards from inception through the rest of their lifecycle.
- Conduct detailed analyses of cybersecurity governance frameworks and IT/OT critical systems controls to evaluate risk and compliance levels.
- Assess the cyber maturity of IT security programmes, identifying gaps and opportunities for improvement in alignment with industry best practices and regulatory requirements.
- Manage data security strategies, focusing on safeguarding sensitive information assets while facilitating regulatory compliance.
- Perform gap analyses and governance assessments against recognized standards and policies including CCoP, CP8, IM8, NIST, ISO, and IEC 62443, among others.
- Provide advisory services with strategic mitigation recommendations tailored to client needs and risk profiles.
- Evaluate the effectiveness of cybersecurity and privacy programmes through rigorous measurement methodologies.
- Review and refine cybersecurity frameworks, information and cyber security policies, processes, and procedures, ensuring they meet evolving threats and business objectives.
- Prepare and effectively present audit and assessment reports to a variety of customer audiences, fostering understanding and buy-in.
- Lead and manage multiple projects concurrently, ensuring timely delivery and alignment to client expectations.
- Engage in pre-sales consultancy activities including delivering compelling business proposals and presentations, helping to expand the division’s market presence and solutions adoption.
Requirements
- A minimum of 5 years' experience in cybersecurity audit or IT/OT audit, demonstrating a solid track record of delivering high-quality advisory and audit services.
- Possession of the Certified Information Systems Auditor (CISA) certification or completion of the CISA examination is mandatory, underscoring your expertise in auditing information systems.
- Proven experience conducting external cybersecurity compliance audits aligned with national and industry codes of practice such as CCoP, CP8, IM8, ISO, and IEC.
- Additional certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or equivalent, are highly regarded, highlighting your comprehensive cybersecurity knowledge beyond audit functions.
- Strong analytical skills combined with excellent communication and presentation abilities to effectively engage with clients and internal teams.
- Demonstrated project leadership and stakeholder management capabilities with the ability to coordinate cross-functional teams and deliver results in a timely manner.
- A proactive approach to continuous learning and staying up to date with the latest developments in cybersecurity standards, technologies, and best practices.
Work location: Jurong East