Cyber Defense Lead

SG
June 3, 2026

Job Description

Company: Univers

Location: SG

Univers provides the world’s most comprehensive decarbonization system.

The Head of Cyber Security Operations leads the organisation’s end-to-end cyber defence capability across enterprise and production environments. The role owns the strategy, operation, and continuous improvement of a 24/7/365 Security Operations Center (SOC), spanning threat detection and response, threat and vulnerability management, digital forensics, security engineering, and the supporting technology stack (SIEM, SOAR, XDR, WAF, SASE, PAM, TIP, and network firewalls).

Reporting to the CISO, the role combines hands-on technical leadership with executive-level governance, risk management, and stakeholder engagement.

Head of Cyber Security Operations

Responsibilities:

Strategic Leadership and Vision

• Cyber Defence Strategy: Develop and execute an enterprise-wide security strategy and roadmap aligned to business goals and risk appetite, securing executive sponsorship and full-stack security coverage.
• Policy & Standards: Establish, enforce, and regularly review security policies, standards, procedures, and guidelines (including Acceptable Use Policies) to mitigate risk and meet regulatory requirements; conduct quarterly reviews and support ISMS and BCP execution.
• Risk Management: Identify, assess, and register cybersecurity risks; review and approve risk exception requests, balancing security with operational needs; report risk posture, threats, and remediation plans to the CISO and Cybersecurity Risk Manager.
• Security Engineering Governance: Define and enforce governance frameworks ensuring all security designs, implementations, and deployments adhere to best practices, CIS baselines, and organisational standards.
• Budget & Financial Planning: Own the SOC budget, allocating resources effectively and identifying opportunities to optimise spend while maintaining or improving security outcomes.

24/7/365 Security Operations Center (SOC) Oversight

• 24/7/365 Operations: Lead daily SOC operations across enterprise and O&M production environments, ensuring continuous monitoring, detection, and response while meeting SLAs and maintaining high case-handling quality.
• Quality Assurance: Oversee four-eyes case reviews, shift handovers per SOP, and real-time approvals for whitelisting, blacklisting, and exceptions; provide feedback to prevent mishandled cases.
• Detection Engineering: Drive the development and tuning of detection rules, correlation logic, and automated response, continuously evolving the SOC to counter emerging threats.
• Metrics & Reporting: Maintain SOC metrics, dashboards, and daily/weekly reporting that measure operational effectiveness and communicate security posture to leadership.
• Channel Management: Govern intake and escalation across mailboxes, SOAR cases, ticketing (e.g., ServiceNow), and collaboration platforms (Teams, WeCom).

Incident Response, Forensics & Crisis Management

• Incident Lifecycle: Lead the full incident response lifecycle — preparation, detection, analysis, containment, eradication, recovery, and lessons learned — in close coordination with the SOC Lead, ensuring minimal business impact.
• Crisis & On-Call Leadership: Lead major incident and crisis response at any hour, coordinating across departments and external partners as required.
• Digital Forensics: Lead forensic investigations to determine cause, scope, and impact of breaches; ensure proper acquisition, chain of custody, and up-to-date forensic tooling, methodologies, and SOPs aligned with legal and regulatory standards.
• Playbooks & SOPs: Ensure comprehensive, regularly reviewed playbooks and SOPs exist for every incident type, aligned with regulatory and business needs.
• Post-Incident Improvement: Review post-incident reports, assign remediation gaps to the responsible teams with mitigation plans and milestones, and track corrective actions to closure.

Threat and Vulnerability Management

• Vulnerability Management: Oversee identification, reporting, and remediation of vulnerabilities across enterprise and production; maintain an agreed workflow with IT and O&M for timely patching or formal risk acceptance with the Risk Manager.
• Threat Hunting: Lead proactive threat hunting to uncover advanced threats that evade automated detection, neutralising them before impact and reporting findings.
• Threat Intelligence: Integrate internal and external threat intelligence (via the TIP) to anticipat

Source: BeBee