Job Summary The IT Security Lead manages end-to-end security governance, compliance, and operations for mission-critical systems, collaborating with cross-functional teams and external auditors to ensure adherence to government security policies. Responsibilities Day 1 – Project / Implementation Security Define and implement system security architecture aligned with Singapore Government policies Review application, middleware, infrastructure, and platform designs for security compliance Conduct threat modeling and risk assessments, mapping risks to mitigating controls Translate policy requirements into actionable technical controls across technology stacks Ensure compliance with IM8, Whole-of-Government security requirements, and PDPA where applicable Establish and oversee cybersecurity governance across infrastructure, application, and project teams Prepare and maintain documentation including Security Risk Assessments, Vulnerability Assessments, Penetration Testing reports, and security hardening baselines Partner with software teams to enforce secure coding standards and DevSecOps practices Integrate and govern SAST/DAST, dependency/SCA scanning, and container image scanning within CI/CD pipelines Review and triage security tool findings, driving remediation and risk acceptance decisions Provide guidance on API security, token/secret management, and secure service-to-service communication Plan, coordinate, and manage vulnerability and penetration testing engagements and vendors Track remediation progress to closure and document residual risks and risk acceptance Support security clearances and go-live certifications Review and approve OS, middleware, database, Kubernetes/container security, API gateway, WAF, rate-limiting, and authentication configurations Day 2 – Operations / Production Security Lead security incident investigations, containment, and recovery efforts Perform root cause analysis and define corrective and preventive actions Coordinate with Government SOC and stakeholders; contribute to and refine incident response playbooks Communicate security incidents clearly to technical and non-technical audiences Oversee continuous vulnerability monitoring and posture management Track patch and configuration compliance across infrastructure, middleware, applications, and containers Provide risk assessments and compensating controls for deferred patches Review and tune alerts, detections, and dashboards in SIEM and related tools Ensure monitoring coverage for critical systems and high-value assets Support internal and external audits, evidence collection, and closure of audit findings Prepare and present security posture, metrics, and trend reports to management Maintain risk registers and mitigation plans with up-to-date security documentation Communicate security assessments and findings effectively to varied stakeholders Oversee and periodically review RBAC, MFA, Privileged Access Management, and joiner/mover/leaver processes Ensure least privilege access, segregation of duties, and periodic access recertifications Support incident response handling, log analysis, and activity reviews Drive continuous improvement across identify, protect, detect, respond, and recover functions Required competencies and certifications Degree in Computer Science, Cybersecurity, Information Security, or equivalent 8–12 years of IT experience including at least 5 years as a Security Lead or Security Architect Proven experience in Singapore Government IT projects and IM8/government security compliance Hands-on experience with Kubernetes/Docker security, API security, Identity & Access Management (IAM), and security tools (SAST/DAST/SIEM) integrated with CI/CD Preferred competencies and qualifications Certifications such as CISSP, CISM, CISA, CEH, GIAC (e.g., GSEC, GCIA, GCIH, GCSA) AWS or Azure Security certifications 5 day week @ AMK area Maestro HR damien lee tian hong R1106726 16C8462