Senior / Cyber Security Governance Specialist
Job Description
NTU's Centre for IT Services (CITS) manages the University's campus-wide IT infrastructure and delivers enterprise IT, learning systems and digital services that support NTU's education, research and administrative functions. As part of CITS, the Cyber Security team is responsible for strengthening the University's cybersecurity posture through Cyber Security Governance, Cyber Security Operations and Cyber Incident Management.
We are seeking an experienced Senior / Cyber Security Governance Specialist to join our Cyber Security Governance team. In this role, you will play a key part in defining and governing enterprise cybersecurity frameworks, leading technical cyber assurance initiatives, and enhancing the University's resilience against evolving cyber threats.
Key Responsibilities
Lead technical cyber assurance initiatives by defining and governing the scope, schedules, methodologies and standards for internal and external web, mobile, network and API penetration testing.
Conduct security reviews and audits of enterprise security infrastructure, maintain security documentation, and oversee complex access control administration and security-related issues.
Design risk assessment frameworks and security guardrails for applications developed using AI-assisted software development platforms and establish testing methodologies to identify vulnerabilities in AI-generated code.
Review and approve secure system architectures, ensuring security principles are embedded into system designs and technology implementations.
Evaluate authentication solutions, network security configurations, security software updates and technical implementations to safeguard enterprise systems.
Plan, manage and deliver cybersecurity risk assurance projects, ensuring project objectives, timelines, resources and budgets are effectively managed.
Partner with Schools and stakeholders across the University to identify cybersecurity risks, provide expert technical consultation, and recommend appropriate risk mitigation strategies.
Build trusted relationships with stakeholders by providing cybersecurity advisory services, supporting key business and technology initiatives, and promoting cybersecurity governance across the University.
Requirements:
Bachelor's degree in Computer Science, Computer Engineering, Cyber Security or a related discipline.
Professional certification in OSCP or CREST is required. Additional certifications such as CISSP, CISA, CISM or GIAC will be an advantage.
At least 8 years of relevant IT experience, including at least 2 years in Cyber Security Engineering, Cyber Assurance, Penetration Testing or IT Risk and Governance.
Strong knowledge of security issues in code written by AI agents (e.g., OWASP Top 10 for LLMs).
Good understanding of cybersecurity frameworks and methodologies such as NIST Incident Handling Guidelines, Cyber Kill Chain, MITRE ATT&CK framework.
Proficient in penetration testing methodologies, secure software development lifecycle (SSDLC), and security assessment of code repositories such as GitHub and GitLab.
Demonstrated ability to perform cyber risk assessments, analyse complex technical environments, and develop effective security solutions.
Proven project management capabilities with experience leading cybersecurity initiatives from planning through implementation.
Excellent communication, stakeholder management and interpersonal skills, with the ability to provide expert technical consultation and influence cybersecurity outcomes across technical and business stakeholders.
We regret to inform that only shortlisted candidates will be notified.
Hiring Institution: NTU