Onshore Cybersecurity Consultant (12 months contract)

Onshore Cybersecurity Consultant The scope of Services for the Onshore Cybersecurity Consultant shall be as follows: • Provide cybersecurity support in system operations to ensure the compliance with Government policies, including review, design and implementing security measure, process, controls for the Authority’s systems; • Review security audit reports and assessment conducted by auditors for security testing such as Vulnerability assessment, penetration testing, host configurations, IT general controls, risk assessments, etc; • Conduct reviews, gap analysis and provide recommendations on monthly reports and reviews, ensuring the compliance of the system processes to the Authority and Government policies; • Monitor and follow up with known vulnerabilities and risks in the Authority’s environment and systems; • Conduct cybersecurity assessments to identify vulnerabilities and risks in the Authority’s systems and processes; • Design and follow through the implement of cybersecurity solutions in the Authority’s environment to protect against threats and attacks; • Review and verify system security posture, security policies, procedures to ensure best practices are implemented and comply with standards and guidelines by the Authority’s appointed contractors and systems; • Provide guidance and recommendations on cybersecurity strategies and technologies; • Conduct security awareness trainings to the Authority and the Authority’s appointed contractors when necessary to promote a culture of security; • Monitor and respond to security incidents and breaches, conducting forensic analysis on a need-be basis; and • Stay current on emerging cybersecurity threats, trends, and technologies. The Onshore Cybersecurity Consultant proposed by the Contractor shall have at least 3 years of experience as a Cybersecurity Consultant or equivalent position and the following skill sets: • Bachelor’s degree in computer science, Electrical/ Computer Engineer, Information Technology or related discipline would be preferred; • Good knowledge of Government security ICT/SS policies, cybersecurity industry standards, ICT governance, security, risk, and data management frameworks, practical experience in government sector implementations; • Experience in conducting and/or reviewing security tests such as cybersecurity risk assessment, vulnerability assessment, penetration test, host configuration review, IT general controls, etc. would be advantageous; • Good knowledge in ICT infrastructure, applications and web/ cloud services; and • ICT security professional certifications such as CREST, CRISC, CGEIT, or CISSP would be preferred.