Cybersecurity Consultant - Managed Agencies

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

As the Cybersecurity Consultant in one of the government agencies, you will work closely with both application and infrastructure teams to ensure that business needs are met, projects are delivered timely within projected costs, and ensure compliance are met within acceptable risks levels. You will also be called upon to support security operations and incident management.

Responsibilities:

• Security Incident Management
• Support IT security incident management, responses and reporting till closure.
• Develop, review, and maintain operational SOPs and playbooks on IT security incidents management.
• Coordinate and work with both internal and external teams to investigate and resolve IT security incidents (including identifying the source of infection, impact).
• Review and submit IT security incident reports including documenting the calendar of event for the incidents.
• Recommend improvements to prevent the recurrence of the IT security incidents.
• Security Operations & Reviews
• Review, monitor and respond to security alerts and notifications and ensure that they are attended to and addressed in a timely manner.
• Coordinate and work with both internal and external teams to conduct reviews (which includes but is not limited to security reviews, assessments, tests, and remediation).
• Plan, schedule, conduct and ensure information required for the reviews are provided by the relevant teams.
• Ensure reviews conducted are supported with documentary evidence and submitted timely to the agency’s IT security team for closure.
• Security Audit & Vulnerability Assessment
• Provide support for audit activities and security testing (Vulnerability Assessment Scans Penetration Testing and Source Code Reviews).
• Ensure all findings and remediations are followed up within the time frames stipulated by relevant policies.
• Verify system components such as operating system, database, web servers, network devices are configured and set up according to the agency’s security standards and requirement.
• Monthly Reporting and Vendor Management
• On top of monthly reporting, also includes providing and conducting IT security awareness, training and guidance to the users and vendors including recommending security practices and configurations.
• Vendor management includes evaluating vendor performance and conduct regular assessments to ensure compliance with contractual agreements and service level expectations.