Job Description

Sopra Steria is a listed European technology leader specializing in Consulting, Digital Services, and Software. With over 51,000 employees worldwide across Europe, North America and Asia, the Group supports organizations in driving their digital transformation and delivering sustainable business value.

In Asia Pacific, Singapore serves as the regional headquarter for Sopra Steria’s Infrastructure, Cloud and Cybersecurity services.

We are seeking an experienced Cybersecurity Operations Lead to oversee mission-critical security operations in a 24×7 environment. Deeply integrated into operation and service team, this role is responsible for thread monitoring, incidence response, vulnerability management, providing world-class security services/advisory to customers, ensuring solution environment stay resilient and compliance to IM8 governance standards and cybersecurity practices. You will be the primary bridge between our security engineers, operations team, internal stakeholders and our valued customers. You will ensure accurate risk communication, deliver clear remediation guidance, manage security infrastructure, drive continuous improvements and promote cybersecurity best practices internally and externally with poise and professionalism.

Key Responsibilities

Threat Monitoring & Incident Response

• Oversee day-to-day security monitoring using SIEM and endpoint protection tools.
• Lead incident response, containment, eradication, and root cause analysis for cybersecurity events.
• Ensure clear incident classification, escalation workflows, and communication protocols.
• Leverage and share up-to-date threat intelligences with both internal stakeholders and customers to proactive safeguard digital assets

Vulnerability & Patch Management

• Primary coordinator/lead on vulnerability assessments and penetration testing engagement with third-party agencies and internal vulnerability scan exercise in regular frequencies.
• Manage remediation of vulnerabilities across servers, network devices, middleware, containers and security appliances in timely manner compliance to regulatory mandate.
• Ensure timely patching cycles across all environments. Clear communication of findings, risk and action plans for both technical and non-technical stakeholders/customers.

Security Infrastructure & System Hardening

• Implement, configure, and maintain security technologies (firewalls, IDS/IPS, HSM, PAM).
• Oversee OS, application, and network hardening (RHEL, Windows Server, Kubernetes).
• Review and approve security architecture designs for new components and projects.

Privileged Access Management

• Govern privileged access across Active Directory domains.
• Ensure segregation of duties, emergency access procedures, and periodic access reviews.

Governance & Compliance

• Enforce compliance with IM8 cybersecurity policies and standards.
• Drive audit readiness, maintain risk registers, and track remediation progress.

Team Leadership

• Liaise with cross function teams
• Ensure clear documentation, SOPs, and knowledge transfer for all security activities.
• Drive continuous training and certification for team members.
• Deliver workshop, training or briefing to enhance the cybersecurity posture of internal stakeholder and customers

Qualifications

Education & Experience

• Bachelor’s degree in Information Security, Computer Science, Engineering, or related discipline.
• Minimum 5 years of proven experience in cybersecurity or information security roles supporting mission-critical operations, preferably in the public sector.
• Strong competency in operating system security (RHEL, Windows Server), network security, and Kubernetes security.
• Hands-on experience with tools such as SIEM (LogRhythm), Vulnerability Scanner (Nessus), IAM/PAM (BeyondTrust/CyberArk), HSM, TLS/PKI, Firewalls (Check Point, Palo Alto), IDS/IPS is a must

Certifications (Preferred)

• CISSP, CISM, CEH or equivalent

Knowledge & Skills

• Security principles (CIA, defense in depth, least privilege).
• Networking and OS fundamentals.
• Identity & Access Management, cryptography basics.
• Application security fundamentals (OWASP Top 10, secure coding principles).
• Incident response and IM8 compliance knowledge.

Personal Attributes

• Strong composure under pressure and ability to lead during incidents.
• Excellent communication skills (written and spoken).
• High integrity, attention to detail, and accountability.
• Proactive, collaborative, and able to manage cross-functional coordination
• Proven track-record in customer-facing experience in cybersecurity domain will be a strong plus.

Additional Information

•Work-life balance Hybrid working mode and Work-from-Abroad benefits, 18 days of Annual leave

• Health & insurance: Comprehensive coverage including General Practitioner, hospitalization, dental, and optical
•Performance incentives: Annual bonus based on individual performance
•Learning & development Training programs, certification opportunities, and training incentives to support career growth
•Team culture: Regular team-building activities and social events