Line of Service
Assurance
Industry/Sector
TMT X-Sector
Specialism
Cybersecurity & Privacy
Management Level
Manager
Job Description & Summary
At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We're a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting, we help clients build, accelerate and sustain momentum. Find out more at .
Our Risk Services Practice provides an invaluable safeguard in today's complex operating environment with insights and independent assurance. We work with clients to deliver business control to help them protect and strengthen every aspect of their business, from people to performance, systems to strategy, business plans to business resilience. We help clients manage, mitigate and control risks, from potential cybersecurity breaches to possible breaks in the supply chain. We assess and prepare businesses by looking into their technology, finance, data analytics, regulatory requirements, data security and privacy, internal audit and the third parties our clients rely on to help clients deliver quality results and meet their strategic objectives.
How will you value-add
You will be part of the firm's Risk Services Technology Risk Services team, experiencing a dynamic and fast-paced working environment. From financial institutions, potential start-ups, government agencies to multinational corporations across a range of industries, clients look to you for expertise across two key domains:
1) Cybersecurity Exercises: Conceptualise, design and execute cybersecurity-themed exercises ranging from single-organisation engagements to industry-wide exercises involving multiple organisations.
2) CII Risk Assessment: Plan, conduct and deliver risk assessments for Critical Information Infrastructure (CII) owners, helping them identify, evaluate and mitigate cyber risks to essential services in accordance with Singapore's regulatory requirements and industry best practices.
This is a dual-reporting role with responsibilities split across both domains. You will collaborate closely with two Directors and their respective teams to ensure seamless delivery across both workstreams.
Key Responsibilities
A. Cybersecurity Exercises
- Lead the end-to-end conduct of cybersecurity exercises, including pre-sales, exercise planning, scenario development and reporting.
- Conduct current state discovery to understand the client's technology infrastructure, cyber resilience programmes, incident response plans and scenario-specific playbooks.
- Design exercise scenarios that are relevant to and aligned with the client's specific environment and context.
- Engage relevant business, operational, technical and management teams in preparing for the exercise.
- Provide recommendations to the client on improvements to their existing setup and plans.
- Conduct the exercise and act as both the exercise facilitator and the technical advisor for the exercise scenarios.
- Conduct post-exercise debrief / after-action review workshops.
- Develop the exercise report and provide observations and recommendations that are meaningful and relevant to the client's context.
- Present the exercise report to the relevant stakeholders and tailor the messages based on the audience.
B. CII Risk Assessment
- Lead and manage CII risk assessment engagements, including scoping, planning, execution and reporting.
- Identify and assess cyber risks to Critical Information Infrastructure, including threats, vulnerabilities and potential impact to essential services.
- Review and evaluate the adequacy and effectiveness of CII owners' cybersecurity policies, processes and technical controls against regulatory requirements and established frameworks.
- Conduct gap analyses of clients' cybersecurity posture against the Cybersecurity Act 2018 (and its subsequent amendments), the CII Codes of Practice issued by the Cyber Security Agency of Singapore (CSA), and other applicable standards and guidelines for designated CII sectors.
- Develop risk treatment plans and provide actionable, prioritised recommendations to help CII owners strengthen their cyber resilience.
- Engage with CII owners' management, operational technology (OT) teams and IT teams to gather evidence, conduct interviews and validate findings.
- Prepare comprehensive risk assessment reports and present findings and recommendations to senior stakeholders, regulators and boards as required.
- Assist CII owners in meeting their statutory obligations under the Cybersecurity Act, including but not limited to CII risk assessments, audits and incident reporting requirements as mandated by CSA.
- Stay current on evolving CII regulatory requirements, sector-specific threat landscapes and emerging risks relevant to critical infrastructure in Singapore.
C. Common / Cross-Cutting Responsibilities
- Proactive support in business development activities such as bid management, proposal formulation and client presentations, including adhering to internal risk management and compliance policies.
- Able to work on multiple concurrent projects with tight timelines and competing resources across both workstreams.
- Able to manage a team of cybersecurity specialists to assist in the conduct and delivery of exercises and risk assessments.
- Build and maintain strong client relationships across both engagement types.
- Contribute to thought leadership, internal knowledge sharing and methodology development for both cybersecurity exercises and CII risk assessments.
- Mentor and develop junior team members across both domains.
About You
Experience & Knowledge
- 5-7 years of relevant experience in cybersecurity with demonstrable exposure to at least two of the following areas: cybersecurity incident response, security operations centre (SOC), risk assessment and/or critical infrastructure protection.
- Proven knowledge in the conduct of Table-top Exercises (TTX), Command Post Exercises (CPX) and Ground Deployment Exercises (GDX).
- Strong understanding of CII risk assessment methodologies and Singapore's regulatory framework governing critical information infrastructure, including the Cybersecurity Act 2018, CII Codes of Practice and guidelines issued by the Cyber Security Agency of Singapore (CSA).
- Good working knowledge of various cybersecurity Tactics, Techniques and Procedures (TTPs) for different cyber threats.
- Understanding of cyber incident response and digital forensics investigation requirements.
- Familiarity with Operational Technology (OT) / Industrial Control Systems (ICS) environments and their unique cybersecurity challenges is a strong advantage.
- Familiar with Cyber Kill Chain Methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF).
Skills & Competencies
Advantageous to Have
- Knowledge of technology systems network and infrastructure cybersecurity risks and related control frameworks and practices (COCO, COSO, ISO, ITIL, CMM, COBIT, NIST, SANS, etc.).
- Experience conducting risk assessments or audits in Singapore's designated CII sectors (e.g. Energy, Water, Healthcare, Transport (Land, Maritime, Aviation), Telecommunications, Banking & Finance, Media, Security & Emergency Services, Government).
- Familiarity with IEC 62443, NIST SP 800-82 or other OT/ICS security standards.
- Experience with regulatory engagement or compliance assessments under Singapore's Cybersecurity Act 2018, including familiarity with CSA's CII audit and assessment frameworks and the 11 designated CII sectors in Singapore.
- Possess industry-related certifications such as CISSP, CISM, CRISC, GCFE, GREM, GCIA, GCIH, EnCE, GICSP.
Education (if blank degree and/or field of study not specified)
Degrees/Field of Study required:
Degrees/Field of Study preferred:
Certifications (if blank certifications not specified)
Required Skills
Optional Skills
Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Coaching and Feedback, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis
Desired Languages (If blank desired languages not specified)
Travel Requirements
Not Specified
Available for Work Visa Sponsorship
Yes
Government Clearance Required
No
Job Posting End Date