Associate /Senior Associate, Cybersecurity (Defence & Resilience) (10915)

Overview of the team You'll be working in the Cybersecurity Department under the Defence and Resilience unit. You will play a critical role in developing and executing a comprehensive cyber resilience programme and establishing dynamic platforms for the firm as the cyber centre of excellence, driving cyber awareness and education, and vulnerability detection. The threat landscape is ever-evolving and the ability to anticipate, withstand, respond, and evolve defines the resilience of a company. Building cyber resilience and defence is a strategically important function within Temasek. The implementation of an effective and comprehensive cybersecurity resilience plan and strategy will enable Temasek to be better prepared during a crisis, ensuring prompt recovery and business continuity. Roles & Responsibilities The role will support the CISO in uplifting Temasek's cybersecurity resilience through the development and execution of an effective cyber resilience programme and the establishment of new/advanced cyber capabilities to strengthen cyber awareness and enhance cyber readiness and monitoring capabilities, thus driving a culture of cyber resilience across Temasek and its ecosystem.

• Drive the development and execution of an effective cyber resilience programme to support Temasek's mission and vision as the organization undergoes increasing digitisation in the face of evolving threats
• Carry out independent review and analysis of cyber threats, alerts, potential gaps and vulnerabilities
• Work closely with the CISO, senior management and business units to organize and run regular cyber exercises and workshops to strengthen crisis communications and incident response, management, and recovery
• Work closely with the CISO and appointed consultants/vendors/providers to support the cyber engineering of threat detection capabilities and fine-tuning of existing cyber use cases
• Engage service providers, business partners, and internal stakeholders to plan, evaluate, and conduct IT security testing activities and cyber exercises in a timely, secure, and safe manner
• Introduce engagement forums, the community of practices, and cyber awareness campaigns including the conduct of simulated phishing exercises with internal and external stakeholders to uplift cyber awareness, readiness, and vigilance across Temasek and its ecosystem
• Work closely with Business Units and the Technology department to review the effectiveness and adequacies of current business continuity plans, disaster recovery plans, playbooks, backups, and redundancies as well as the availability of resources to support a cyber crisis
• Support the establishment of framework and indicators in accordance with overall cyber strategy to continuously assess and measure the cyber resilience profile of Temasek and its ecosystem
• Support the conduct of engagement with internal and external stakeholders to enhance the overall cyber resilience of Temasek and its ecosystem
• Support and carry out any other tasks as assigned

• At least 4 years of relevant information security operations, cyber engineering, threat analysis, and/or risk management experience with at least 2 years in managing cyber security operations, conducting cyber threat analysis, threat hunting, IT security testing, and/or incident response
• Bachelor's degree in engineering, information technology/security, cybersecurity, and related fields. Professional information security certifications such as CISSP, Certified ethical hacker, and relevant GIAC certification will be an advantage
• Possesses a strong cyber technical background with hands-on experience in cyber threat analysis, incident management, IT security testing, and security operations.
• Prior experience in handling cyber incidents, conducting red-teaming, vulnerability assessment, forensic investigation, and penetrating testing as well as organization-wide table-top exercises will be an advantage.
• Capable of articulating cyber and technical issues in a clear and actionable manner that highlights business risk context for the leadership to make an informed decision
• Highly agile and possess strong cyber domain knowledge across multiple areas (such as SOC/MSS, network, application, and infrastructure security, data & information protection, supply chain security, AI, and cloud computing security) and knows cyber regulation and compliance
• Strong communication and interpersonal skills, with proven ability to manage multiple priorities, and collaborate across business units and partners to achieve desired end goals

• Possess an inquisitive, structured, and logical mind to drive end-to-end strategy development and implementation
• Strong analytical and problem-solving abilities
• Excellent cross-group and interpersonal skills, with the ability to communicate with technical and non-technical teams
• Ability to lead as well as work independently to organize, manage, conduct, and complete projects
• Excellent communication, presentation, and advisory skills, capable of engaging senior stakeholders
• Results-oriented, independent, assertive and self-driven