Engineer II, Cybersecurity Governance

Job Description

Title: Engineer II, Cybersecurity Governance

Location: Singapore

About Circles

Founded in 2014, Circles is a global technology company reimagining the telco industry with its SaaS platform - Circles X, helping telco operators launch and operate successful digital brands through its offerings.

Having pioneered a successful blueprint for disrupting the telco space in Singapore, Circles has since launched its own digital telco, Circles.Life, in Singapore, Taiwan and Australia. Circles has also partnered with other telco operators to launch digital services, enabling our partners to accelerate growth and capture market share within a short period of time.

Today, Circles is partnering with operators in 14 countries to deliver delightful digital experiences to millions of people through our businesses.

We are backed by global investors such as Sequoia, Warburg Pincus, EDBI and Founders Fund – renowned backers of industry-shaking innovators.

Mission

Our Mission In Circles Is To Become a World-class Cybersecurity Function By Cultivating Security As Job Zero Across The Organisation. This Means Security Is Enforced As An Integral Component Across Every Facet Of Our Business Globally, Whereby

• Security is second nature;
• Security is in the DNA of everything we do; and
• Cultivating and maintaining a Security conscious culture
  
  

The Role

As a team member of Cyber Governance & Assurance vertical within Information & Cybersecurity Function, primarily responsible to ensure that Circles.Life and its global offices are always maintaining robust, sustainable and adequate governance practices and compliance as follows -

Develop, mature and operationalise cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group.

• Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives.
• Ensure organisational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI DSS, Market specific Data Protection regulations including PDPA, GDPR.
• Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws.
• Identify, risk assess and prioritize various information, data assets across the Enterprise.
• Support the day-to-day functioning of the Data Privacy Office by:
• Serving as a point of contact within group on issues related to data privacy;
• Performing privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy matters
• Participate in investigation of data privacy incidents;
• Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps.
• Provide advisory services on information, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections.
• Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing.
• Promote a culture of Security, data privacy and compliance across group
• Proactively support in organisational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report.
  
  

You

Hold a Degree in Information Technology, Cyber Security or comparable qualification.

To have 2+ years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities.

Assist in cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products.

Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group.

Prior experience, knowledge in the following is a certain plus:

• Big 4, Tier 2 Consulting Firms, Telco industry.
• Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security.
• Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS.
• Global, Regional data privacy regulations such as GDPR, PDPA, PDPO.
• Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, CISA, CGEIT, CDPSE, CDPSE, CSX-P, CISSP, Diploma in Data Protection or equivalent.
  
  

To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program. Please do not forward resumes to our jobs alias, Circles.Life employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS.

Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.