[What the role is]

Cybersecurity and data governance is a critical pillar of CAAS’ work. To ensure that the Singapore air hub remains safe and secure for air travel, every mission-critical system that supports air hub operations must be well-protected and resilient against rapidly evolving, and increasingly complex, cybersecurity threats.

CAAS is therefore looking for a strong and dynamic candidate to lead the Cybersecurity Oversight and Governance Branch, in the newly established Cybersecurity and Data Governance Division focused on strengthening and uplifting cybersecurity capabilities in CAAS and across the aviation sector.

You will lead the team in strengthening cybersecurity in the aviation sector and ensuring operational readiness to respond to cybersecurity threats, as well as strengthening ICT and data governance in CAAS.

You will also have opportunities to engage international stakeholders in shaping international standards, and collaboration initiatives on aviation cybersecurity.

[What you will be working on]

Key responsibilities include:

• Leading and ensuring the smooth day-to-day running of the Cybersecurity Oversight and Governance Branch
• Primarily responsible for maintaining and strengthening the cybersecurity posture of CAAS and the aviation sector through active regulation, proactive management, driving awareness and industry engagement.

Cybersecurity Oversight

• Develop and implement cybersecurity oversight programmes to ensure compliance with cybersecurity regulatory requirements by the aviation sector
• Formulate and implement aviation cybersecurity policies and regulations to ensure the cybersecurity resilience of aviation Critical Information Infrastructure (CII) owners and other regulated entities
• Support initiatives through risk management, including performing security risk assessments, and recommending risk treatment and ensure mitigation measures are applied
• Support the Assistant Commissioner, who assists the Commissioner of Cybersecurity under the Cybersecurity Act, in directing and overseeing the critical information infrastructure (CII) in the aviation sector. These duties include identifying CII and to regulate CII owners, managing the CII owners’ compliance with the cybersecurity codes of practice and standards of performance, implementing national cybersecurity initiatives, monitoring cybersecurity threats and responding to cybersecurity incidents
• Participate in international meetings and engage key international partners in developing international standards and other collaboration initiatives in aviation cybersecurity
• Keep abreast of the latest industry cybersecurity practices and technologies, as well as emerging threats and vulnerabilities, and recommend appropriate controls and solutions for implementation to enhance aviation cybersecurity posture
• Manage engagements within the aviation sector, where relevant, as part of overall account management
• Develop and manage cybersecurity technology programmes that address the cybersecurity challenges or gaps of organisations that are subject to cybersecurity requirements under CSA’s legislative framework
• Manage and coordinate aviation sector-responses to cybersecurity incidents and threats

ICT and Data Governance Section

• Review and develop CAAS ICT policies, standards, and processes in line with government IM8
• Work closely with internal stakeholders, such as system owners, to ensure compliance with CAAS ICT policies, standards, and processes
• Manage and coordinate internal and external audits on CAAS systems and processes, and ensure follow-up actions are completed

[What we are looking for]

• Suitable qualifications in Cybersecurity, Information Security, Information Technology, Computer Science, Engineering (Computing / Telecommunication) or equivalent
• Suitable cybersecurity certifications like CISSP, CISM, CISA and SANS will be advantageous
• 10 or more years of direct and relevant full-time cybersecurity work experience in policy formulation, incident response, management, regulatory oversight, and compliance experience in IT and business/industry, with demonstrable leadership experience and responsibilities
• Preferably 5 or more years of experience in large organisations leading cross-functional teams and/or enterprise-wide programs.
• Good analytical, planning, leadership and execution skills
• Expertise in budget planning and financial management
• Strong stakeholder management skills to deal with complex issues; influence internal and external stakeholders to achieve targeted outcomes
• Strong verbal and written communication skills

Note: Your appointment designation will commensurate with your relevant work experience. Successful candidates will be offered a 3-year contract in the first instance and may be considered for placement on a permanent tenure or subsequent contract renewal.