Cyber Security Specialist (2-years contract)

Job Description

Company: NTUC LearningHub

Location: SG

About the Role

We are hiring a Cyber Security Specialist to support Security Operations (SOC) and Cybersecurity Governance, Risk & Compliance (GRC) in an enterprise environment.

This is a hands-on role involving SIEM monitoring, incident response, vulnerability management, and ISO27001/Cyber Trust Mark compliance, working closely with IT Infrastructure & application teams, business stakeholders & external vendors to monitor threats, manage vulnerabilities, respond to security incidents, and strengthen cybersecurity governance across the organisation.

Key Responsibilities:

1. Security Operations (SOC) & Incident Response
• Monitor and analyse SIEM alerts, security logs, and threat intelligence feeds
• Investigate and respond to cybersecurity incidents (phishing, malware, unauthorised access)
• Perform incident triage, root cause analysis, and remediation tracking
• Manage security operations tickets and coordinate resolution with IT teams

2. Vulnerability Management
• Review & analyse vulnerability scanning and penetration testing reports (VA/PT)
• Track and manage remediation of vulnerabilities with infrastructure and application teams
• Recommend improvements to security controls and risk mitigation measures

3. Cybersecurity Governance, Risk & Compliance (GRC) & Audit Readiness
• Conduct cyber risk assessments and support mitigation planning
• Collect, prepare, and manage audit evidence and technical artifacts to support internal/external security reviews, including Information Security (IS) audits and Cyber Trust Mark certifications.
• Support third-party/vendor risk assessments and security due diligence
• Maintain security policies, SOPs, aligned to and governance frameworks such as ISO 27001 and NIST
• Track and report cybersecurity KPIs, KRIs, and risk metrics

4. Security Tools & Technology
• Support and manage enterprise security tools such as:
• SIEM (e.g. Splunk, QRadar)
• Endpoint Security / Antivirus / EDR
• Privileged Access Management (PAM)
• Multi-Factor Authentication (MFA / 2FA)
• Monitor security tool performance and effectiveness

5. Security Advisory & Projects
• Provide cybersecurity assessment, advisory & assurance for system implementations and IT projects
• Evaluate security architecture & solution designs to ensure secure-by-design principles and compliance with enterprise specifications
• Ensure security controls are integrated into applications, infrastructure, and cloud environments

6. Security Awareness & Cyber Resilience
• Design, execute, and analyse regular enterprise-wide cyber awareness training including the support of phishing simulations to measure organizational risk and tailor subsequent user training
• Lead cybersecurity awareness training and coordinate Business Continuity Planning (BCP), tabletop exercises and cyber incident simulation drills.

Requirements:

Must-Have
• Degree in Cybersecurity, Information Security, Information Technology, or related
• 3–5 years of experience in cybersecurity / SOC / GRC roles
• Hands-on experience in:
• SIEM monitoring & incident response (SOC environment preferred)
• Vulnerability management (VA/PT remediation)
• Security tools (EDR, PAM, MFA, Antivirus)
• Knowledge of cybersecurity frameworks:
• ISO27001, NIST, Cyber Trust Mark
• Strong analytical, problem-solving, and incident handling skills
• Ability to engage stakeholders and communicate with technical & non-technical audiences
• Hands-on experience directing Managed Security Service Providers (MSSPs), tracking vendor delivery performance, and reviewing external SOC escalations against enterprise incident response baselines

Preferred Skills
• Experience with cloud security (AWS, Azure)
• Exposure to security audits, compliance, or regulatory environments
• Experience in security architecture or project implementation
• Certifications such as:
• CISSP, CISM, CEH, Security+ (advantageous)

What We Offer
• Exposure to both SOC operations and cybersecurity governance (GRC)
• Opportunity to work with enterprise security tools and frameworks
• Involvement in incident response, audits, and risk management
• Structured environment with opportunities to build cybersecurity expertise

Source: LinkedIn Singapore