Job Description

Manager, Governance (Cybersecurity and Digital)

We are looking for a dynamic individual to join CAG as a cybersecurity and digital governance steward. You will help the business and product owners achieve their objectives in a digitally safe and secure manner as we embarked on new and exciting digital transformation projects to keep Changi Airport in the hearts and minds of travellers, the public, our employees, and partners. This individual will be reporting to the leader of the team who is responsible for the digital and cybersecurity governance of IT and digital assets (products and systems) of Changi Airport Group.

Responsibilities:

• Work with key stakeholders to ensure that compliance assessments of CAG products and systems are conducted in accordance with CAG digital policies and standards.
• Work with key stakeholders as a consultant and advise on solutioning to incorporate and translate digital and cybersecurity governance into lower-level guidance, building up a manageable architecture that adhere to system wide policies.
• Responsible for ensuring that security tools and technologies are deployed in the current environment in line with architectural requirements and security-by-design in the project phase. The role is also responsible for managing system and product vulnerabilities by enforcing security risk assessment, such as Vulnerability Assessment and Penetration Testing or Source Code Review, to be conducting prior to commissioning of any digital products or systems.
• Work with various stakeholders to implement and enhance digital policies, standards, and best practices
• Collaborate with CAG’s data protection community to develop policies, processes, and procedures for system and product data protection.
• Drive digital polices and standards awareness and training program
• Promote and encourage compliance with and enforce digital policies and standards
• Prepare publications and communications as well as conduct briefings and trainings to raise awareness of CAG digital policies compliance, standards, and best practices, amongst CAG and partners
• Provide regular digital policies and standards updates at various forums
• Review and ensure DevSecOps tools and infrastructure provisioning & configurations adhere to CAG’s guidelines and policies.
• Work with internal and external auditors in planning and conducting IT audits, and reviews.
• Stay current and be in the know of the latest industry ICT security practices, industry trends and regulatory requirements especially that from Cyber Security Agency of Singapore and Personal Data Protection Commission. Keep abreast of emerging threats and vulnerabilities and recommend appropriate polices and controls to enhance the enterprise security posture.

Requirements:

• Degree in Computer Science, Computer Engineering, Information Systems, or other quantitative / computational discipline.
• Possesses minimum of 5 years of relevant experience.
• Hands-on experience with Agile methodology and processes.
• Experience in building and/or managing cloud infrastructure including serverless cloud architecture, container platform and/or managing DevSecOps tools
• Demonstrate skillset and knowledge in security areas such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Experience in developing and implementing policies, processes, and procedures  
• Strong project management and organisational skills.  Experience in working with cross-functional teams in a dynamic environment. Professional certification in project management will be advantageous.

• Excellent communication and negotiation skills with various internal and external stakeholders.
• Motivated and driven, able to work independently and a good team player as part of a multidisciplinary team.
• Professional certification in ICT security or Information Security from ISACA, (ISC)2 or equivalent including CISSP, CISM, CISA will be advantageous.

Desired Traits

• A responsive problem solver with strong sense of ethics
• Willing to step out and engage with the CAG community
• Vigilant and attentive to details
• Strong analytical, presentation and negotiation skill
• Self-motivated, a good team player with well-rounded skillset and can-do attitude
• Excellent verbal, written communication and interpersonal skills

Skills Required

• Agile
• Interpersonal Skills
• Team Management
• People Management