What the role is?
Cybersecurity is a critical pillar of CAAS’ work. To ensure that the Singapore air hub remains safe and secure for air travel, every mission-critical system that supports air hub operations must be well-protected and resilient against rapidly evolving, and increasingly complex, cybersecurity threats. We are looking for strong and dynamic candidates to be part of the resilience building and response team, with the newly established Cybersecurity and Data Governance Division. Together, you will be strengthening cybersecurity resilience and incident response of CAAS and the aviation sector, through development of enterprise-wide ICT security policies and standards, competency development plans, and training and awareness programmes.
What you will be working on?
Key responsibilities include:
• Review and develop CAAS ICT security policies and standards in line with government IM8
• Conduct independent ICT security assessments and reviews of ICT security reports to assess the adequacy and ICT security maturity of systems, infrastructure, services and processes;
• Engage CAAS system owners and development team to address any cybersecurity vulnerabilities and gaps identified in their systems;
• Engage CAAS system owners and work with appointed vendor to deploy new/emerging technical solutions to detect cybersecurity breaches and anomalies to enhance overall enterprise cybersecurity posture;
• Work with internal/external auditors, and system owners/vendors in planning and conducting ICT security audits, reviews, and cybersecurity exercises;
• Develop and review CAAS Cybersecurity Incident Response Plan to ensure relevance to cybersecurity threat landscape
• Be part of the incident and response team to respond and investigate ICT-related security incidents.
• Strengthen cybersecurity readiness/resilience of CAAS and aviation sector through phishing exercises, red-teaming, bug bounty programmes etc.
• Develop and implement a capability development plan for cybersecurity personnel in CAAS and the aviation sector
• Keep abreast of the latest industry ICT security practices and technologies, as well as emerging threats and vulnerabilities, in order to recommend appropriate controls and new solutions for implementation to enhance the enterprise security posture.
What we are looking for?
• Trained in ICT Security, Information Security, Information Technology, Computer Science, Engineering (Computing/Telecommunication), Cybersecurity or equivalent
• At least 3 years of direct and relevant ICT cybersecurity work experience (i.e. infrastructure and network security, software development security etc.)
• An active professional certification in ICT security or Information Security from ISACA, (ISC)2 or equivalent will be an advantage
• Strong domain knowledge of o Access control, telecommunications and network security o Information security governance, risk management and compliance; o Software development security; cryptography; o Security architecture and design especially on cloud o Operations security, business continuity and disaster recovery planning and forensic investigations o Security by design process for ICT systems
• Able to show understanding of the relationship between an information security programme and the broader business goals and objectives
• Self-motivated and independent, a good team player with well-rounded skillset, and can-do attitude
• Curious and passionate about cybersecurity with a hacker mindset
• Excellent verbal, written communication and interpersonal skills
• Strong analytical, presentation and negotiation skill If you share our passion to make a difference in the aviation cybersecurity landscape, apply now. Successful candidates will be offered a 3-year contract in the first instance, and may be considered for placement on a permanent tenure in subsequent renewal.


  • CLOSING ON 30/11/2022