Deputy Director - IT Security (Cyber Ops & Technology)

Date: 29 May 2025

Location: SG

Company: Synapxe

Position Overview

We are seeking an experienced and visionary cybersecurity leader to oversee the public healthcare sector’s centralised Security Operations Centre (SOC) and lead all cyber incident response functions across institutions. This role will also drive key technical capabilities in detection engineering, digital forensics, and malware analysis — ensuring early threat identification, deep incident understanding, and effective response and recovery.
Join us to help protect Singapore’s public healthcare systems and patients by leading the charge against cyber threats in one of the nation’s most critical sectors.

Role & Responsibilities

SOC Oversight and Operations

    • Lead the strategic and day-to-day operations of the in-house central SOC protecting the public healthcare sector
    • Ensure 24/7 monitoring, alert triage, and incident response through robust processes and advanced security tooling
    • Oversee the continuous tuning of detection rules and workflows to optimize SOC efficiency and threat coverage
    • Track and report SOC KPIs, effectiveness, and operational readiness

Detection Engineering

    • Develop and maintain high-fidelity detection logic and SIEM use cases to identify malicious behaviors and sector-relevant threats
    • Work closely with IT and security architecture teams to ensure comprehensive telemetry, logging, and visibility
    • Use threat intelligence and real-world attack patterns to refine detection mechanisms
    • Perform validation and quality assurance of detection content to minimize false positives

Digital Forensics & Malware Analysis

    • Oversee forensic investigations into cyber incidents, ensuring evidence integrity and alignment with legal and regulatory requirements
    • Establish and maintain internal processes for data acquisition, analysis, and preservation of digital evidence
    • Lead the analysis of malicious code to extract indicators of compromise (IOCs) and inform defensive strategies
    • Coordinate with external partners for complex reverse engineering where required

Sector-Wide Cyber Incident Management

    • Serve as the Incident Manager to orchestrate cyber incident response across all public healthcare institutions
    • Maintain and test incident response plans and playbooks across the sector
    • Ensure efficient containment, eradication, recovery, and root cause analysis of cyber incidents
    • Conduct post-incident reviews to capture lessons learned and improve resilience

Reporting and Stakeholder Engagement

    • Ensure timely and structured cyber incident reporting to the Healthcare Sector Lead (MOH) and CSA in accordance with the National Cyber Incident Response Framework
    • Liaise with relevant stakeholders across public healthcare, MOHH, MOH, CSA, MHA/SPF, and other regulatory bodies during cyber incidents
    • Provide regular updates, situational briefings, and strategic insights to public healthcare, MOHH, MOH, and national stakeholders

Governance, Risk & Compliance

    • Align cybersecurity operations and incident handling practices with relevant policies, guidelines, and regulatory frameworks
    • Support cybersecurity audits, assessments, and reporting obligations
    • Contribute to risk management strategies and initiatives to uplift cyber posture across the sector

Team Leadership and Capability Development

    • Build, lead, and mentor a multidisciplinary cybersecurity team including SOC analysts, detection engineers, forensics investigators, malware analysts, and incident responders
    • Promote a culture of collaboration, technical excellence, and continuous learning
    • Identify skill gaps and provide training and professional development pathways for team members
    • Drive the continuous capability development of the above functions, including adoption of new tools, automation, and advanced analytics
    • Plan, run, and/or participate in cyber range activities and sector-wide cyber exercises to validate readiness and improve response capabilities

Requirements

    • Bachelor’s or Master’s degree in Cybersecurity or related fields
    • At least 15 years of experience in cybersecurity operations and incident response, with 5+ years in a leadership capacity
    • Deep expertise in SOC operations, detection engineering, digital forensics, incident response, and malware analysis
    • Strong familiarity with relevant cybersecurity technologies and platforms, including but not limited to SIEM, EDR, NDR, SOAR, malware analysis tools, and digital forensic tools
    • Strong familiarity with national cybersecurity regulations, including the National Cyber Incident Response Framework
    • Experience with healthcare IT environments and understanding of sector-specific risks is preferred
    • Familiar with the Cyber Kill Chain, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF), and other cybersecurity frameworks
    • Recognised cybersecurity certifications such as GSE, GCFA, GCIH, GREM, GNFA, OSCP, OSCE3, OSEE, CISSP, or CISM are highly desirable
    • Excellent leadership, crisis management, and communication skills, with a proven ability to engage stakeholders at all levels

Apply Now

NOTE: It only takes a few minutes to apply for a meaningful career in HealthTech - GO FOR IT!!