The Cybersecurity Ops and Cloud Security Manager is responsible for establishing, managing, and continuously enhancing the organisation’s cybersecurity operations capability, with a focus on cloud environments, IoT platforms, and smart facility management systems.
The role ensures that the organisation maintains operational readiness to detect, respond to, and recover from cybersecurity incidents, and that all systems comply with ISO/IEC 27001 and related standards.
This position is critical in mitigating cybersecurity risks across ongoing digital and smart infrastructure projects, where the absence of in house operational expertise would expose the organisation to significant vulnerabilities. The role will work closely with internal teams, vendors, and stakeholders to ensure that smart facility solutions are resilient, compliant, and aligned with organisational cybersecurity standards.
Roles & Responsibilities:
A. Cybersecurity Operations & Incident Management
Establish and manage end‑to‑end cybersecurity operations, including monitoring, detection, incident response, and recovery.
Develop, implement, and maintain a Cybersecurity Incident Response Plan (CIRP) in accordance with ISO/IEC 27035.
Lead and coordinate responses to cybersecurity incidents affecting cloud platforms, IoT systems, and smart facility infrastructure.
Ensure timely incident triage, containment, eradication, and post‑incident reviews (lessons learned).
Conduct regular incident response drills and tabletop exercises to ensure organisational preparedness.
B. ISO 27001 Compliance & Security Operations Governance
Establish and maintain an Information Security Management System (ISMS) aligned with ISO/IEC 27001.
Operationalise ISO controls, including but not limited to:
A.5 Information Security Policies
A.8 Asset Management
A.12 Operations Security
A.13 Communications Security
A.16 Incident Management
Ensure all cybersecurity operations processes are documented, audited, and continuously improved.
Lead internal and external audits, risk assessments, and compliance reviews.
Maintain risk registers, treatment plans, and security KPIs for management reporting.
C. Cloud Security Management
Define and enforce cloud security policies across platforms (e.g. Azure, AWS, Google Cloud).
Implement and manage:
Identity and Access Management (IAM)
Security monitoring and logging (SIEM/SOAR)
Data protection controls (encryption, DLP)
Secure configuration and posture management (CSPM)
Ensure secure integration between cloud systems and on‑premise / IoT environments.
Conduct cloud security assessments and remediation tracking.
D. IoT & Smart Facility Security Operations
Oversee operational security of IoT devices, smart building systems, and facility management platforms.
Monitor vulnerabilities across OT and IoT ecosystems, including BMS, SCADA, and sensor networks.
Implement network segmentation and zero‑trust principles across IT/OT convergence environments.
Establish patch management, firmware updates, and lifecycle controls for connected devices.
E. Threat Monitoring & Vulnerability Management
Establish continuous monitoring capabilities using SIEM/SOC tools.
Lead vulnerability scanning, penetration testing coordination, and remediation tracking.
Integrate threat intelligence into operational processes to proactively identify risks.
F. Stakeholder Management & Reporting
Serve as the primary POC for cybersecurity operations across projects and business units.
Provide regular reporting to senior management on:
Security posture;
Incident trends and response performance;
Compliance status and key risks.
Engage vendors, managed security service providers, and auditors to ensure security requirements are met.
Education Qualification
Degree in Information Technology, Computer Science, Cybersecurity, Engineering, or a related discipline.
Relevant Experience
Minimum 8–10 years’ experience in IT cybersecurity, with at least:
5 years in security operations / SOC / incident response, and
Proven experience in cloud security management and ISO 27001 implementation.
Hands‑on experience managing cybersecurity operations in environments involving IoT, OT, or smart infrastructure systems is highly desirable.
Professional Accreditations
(Preferred)
CISSP, CISM, or CISA
GIAC, CEH, or equivalent cybersecurity certification
Cloud security certification (e.g. CCSP, AWS/Azure Security)
OT / ICS security certification (advantageous)
Professional Knowledge/ Skills
Proven track record in cybersecurity risk assessment, architecture review, and secure system implementation.
Experience working in complex, multi‑vendor digital or smart infrastructure projects is highly desirable.
Strong practical knowledge of:
Security Operations Centre (SOC) tools and processes
SIEM / SOAR platforms (e.g. Splunk, Sentinel, QRadar)
Cloud security architectures and controls
Incident response frameworks and playbooks
Deep understanding of ISO standards:
ISO/IEC 27001 (ISMS)
ISO/IEC 27002 (Security Controls)
ISO/IEC 27035 (Incident Management)
Familiarity with:
NIST Cybersecurity Framework
IEC 62443 (OT security)
Zero Trust Architecture principles
Ability to translate technical cybersecurity risks into clear business and operational implications.
High level of professionalism, integrity, and attention to detail.
At Surbana Jurong, we put talent, hard work, teamwork and a fun workplace together to approach problems and solve them creatively and collaboratively. Join us in making a positive impact on the world!