43 Security Assessment jobs in Singapore

The IT Internal Auditor role plays a pivotal part in ensuring the integrity, confidentiality, and availability of an organization's data by evaluating its IT systems, controls, and processes.

• Lead and execute comprehensive IT audit engagements across various domains including network infrastructure, cloud computing, data governance, cybersecurity, and application systems.
• Identify potential risks and provide actionable recommendations to enhance control environments.
• Perform advanced data analytics to support audit objectives, interpreting complex data structures and business processes.
• Independently manage audit assignments with minimal supervision.
• Collaborate effectively with stakeholders to ensure clear communication of audit results.

• A minimum of 5 years of experience in IT audit, IT risk, or cybersecurity is essential.
• Proficiency in IT general control (ITGC) and IT application control (ITAC) is required.
• Knowledge of IT standards, frameworks, and regulations such as NIST, ISO 27001, Data Privacy, and COBIT is necessary.
• A degree in computer science, computer engineering, or information security is mandatory.
• Experience working with large internet companies or online business models is advantageous.
• Excellent communication skills, both written and verbal, are necessary for effective collaboration and stakeholder engagement.
• Experience with data analytics and relevant technology tools is desirable.
• Certifications in CISA or CISSP are compulsory.
• Familiarity with Mandarin language is beneficial for communication with Chinese partners.

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

• 对应用程序,数据库,系统和网络进行全面的渗透测试,以识别安全漏洞,并撰写详细的调查报告。
• 提出措施,确保已识别的漏洞得到解决。
• 与IT,风险和合规团队紧密合作,跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击,评估防御措施并提升安全态势。

• 至少5年Web应用程序,移动应用程序,API,网络,数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力,能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux,Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项:具备基础中文能力,能够进行简单的口头和书面沟通。

Seeking a skilled Cybersecurity Expert to enhance our team's security posture through thorough penetration testing and expert advice.

Key Responsibilities:

• Conduct comprehensive penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend strategic improvements.
• Develop and execute custom test cases, scenarios, and scripts to simulate real-world attack vectors.
• Collaborate with stakeholders to improve the organization's overall security and client relationships.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Provide technical guidance on security best practices and strategies for securing information systems.
• Assist in threat modeling, security architecture reviews, and the implementation of secure solutions.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
• Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
• Deep understanding of network protocols, operating systems (Windows, Linux), and application security.

Preferred Qualifications:

• CRT (CREST Registered Tester) certification is preferred.
• Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
• Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
• Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.

About the Role

As a Penetration Testing Specialist, reporting to the Internal Audit function, you will play a critical role in evaluating the organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.

Key Responsibility

• Conduct comprehensive penetration tests on applications, databases, systems and networks to identify security vulnerabilities, and prepare a detail report on the findings.
• Propose measures to ensure that identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• Simulate cyber attacks to evaluate defensive measures and improve security posture.

Requirements

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases and load testing.
• Experience conducting secure code review.
• Degree in computer science/computer engineering/information security or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from either GIAC/Offensive Security/CREST required.
• Hands on experience in Kali Linux, Burp, and other advanced penetration testing, and secure code review tools.
• Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.

渗透测试专家

关于职位

作为一名向内部审计部门汇报的渗透测试专家,您将在评估组织的网络安全态势方面发挥关键作用,通过模拟真实攻击并识别系统、应用程序和网络中的漏洞。您的工作将通过验证安全控制措施的有效性、确保合规性并降低运营风险,直接支持审计目标。

主要职责

• 对应用程序、数据库、系统和网络进行全面的渗透测试,以识别安全漏洞,并撰写详细的调查报告。
• 提出措施,确保已识别的漏洞得到解决。
• 与IT、风险和合规团队紧密合作,跟踪修复工作并验证漏洞已关闭。
• 模拟网络攻击,评估防御措施并提升安全态势。

职位要求

• 至少5年Web应用程序、移动应用程序、API、网络、数据库和负载测试的渗透测试经。
• 具备安全代码审查经验。
• 计算机科学/计算机工程/信息安全或同等学历。
• 具备信息安全各方面的工作知识。
• 熟悉大型互联网公司或在线商业模式的系统和运营架构。
• 良好的沟通能力,能够独立工作和团队合作。
• 需持有GIAC/Offensive Security/CREST认证。
• 具有 Kali Linux、Burp 和其他高级渗透测试及安全代码审查工具的实践经验。
• 加分项:具备基础中文能力,能够进行简单的口头和书面沟通。

We are seeking a Cyber Security Compliance Manager to join our client's team and lead the development, implementation, and oversight of cyber security compliance and governance programs. The ideal candidate has a deep understanding of information security frameworks and regulations, with a proven track record of ensuring organisational compliance in fast-paced environments.

Key Responsibilities

• Develop, implement, and manage cyber security compliance programs and policies aligned with global standards and regulatory requirements.
• Lead regular risk assessments, security audits, and compliance checks across IT infrastructure and business units.
• Maintain up-to-date knowledge of relevant laws, standards, and best practices (e.g., ISO27001, NIST, GDPR, PCI-DSS, MAS TRM).
• Collaborate with technical and business teams to ensure consistent interpretation and application of security policies and controls.
• Manage internal and external audits, including preparing documentation and responding to audit findings.
• Conduct awareness and training programs for staff on security policies, data protection, and regulatory requirements.
• Advise management and stakeholders on cyber security risks, compliance gaps, and recommended mitigation strategies.
• Track and report on compliance status, risk metrics, and remediation efforts to senior leadership.

• Bachelor's degree in Information Security, Computer Science, IT, or related field.
• Minimum 5 years' experience in cyber security compliance, audit, or risk management roles.
• Sound knowledge of international standards and regulatory frameworks (ISO27001, NIST, GDPR, PCI-DSS, MAS, etc.).
• Strong analytical, organisational, and communication skills.
• Experience interfacing with auditors and regulatory authorities.
• Professional certifications such as CISM, CISA, CISSP, or CRISC are a strong advantage.

We would like to remind you that eFinancialCareers is a job board and does not conduct hiring or ask for payment or any financial details as part of the job application process.

If you receive any suspicious messages claiming to be from us or a hiring company, we urge you not to click on any links and not to reply to the message itself.

Instead, please report the message to our support team at .

It is advisable to always verify job offers directly with the hiring company.

CREATING OPPORTUNITY.Eames Consulting is a contingent recruitment business with international reach, specialising at the mid-to-senior level of the.

Boost your career Find thousands of job opportunities by signing up to eFinancialCareers today.

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 13,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region.

As a Security Consultant provides expert IT security consultancy and advisory services, helping to

secure cyber assets, including networks, mobile applications, web applications, and IoT devices. The role involves security system configuration, source code review, and penetration testing.

What will you do?

• Conduct technical security assessments, including penetration testing, source code review, and security configuration analysis.
• Utilize industry-recognized processes and tools to identify and assess security vulnerabilities, aligning with strategic, tactical, and operational security objectives.
• Work closely with clients and internal teams to deliver eƯective security solutions and recommendations.
• Perform compliance audits and system reviews against industry best practices, security policies, and procedural guidelines.
• Clearly articulate security findings through detailed reports and presentations, tailored for both technical and non-technical stakeholders

The ideal candidate should possess:

• Experience in penetration testing, source code review, and host security assessments.
• Strong technical expertise in security testing methodologies, tools, and frameworks such as Metasploit, Kali Linux, Burp Suite, and Tenable Nessus.
• Proficiency in scripting languages (e.g., Python, Bash, or PowerShell) for security automation and testing.
• Solid understanding of web application technologies, network security principles, and the OSI model (including HTTP, DNS, SSH, FTP, etc.).
• Familiarity with established security testing methodologies, including the OWASP Web
• Security Testing Guide (OWSTG) and the Penetration Testing Execution Standard (PTES).Relevant industry certifications (e.g., OSCP, CREST CRT) are highly advantageous.
• Strong interpersonal and communication skills, with the ability to collaborate eƯectively in a team environment.
• A degree in cybersecurity, computer science, or a related field is preferred; however, candidates with a diploma or equivalent experience will be considered.

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity —and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future .

Together, we make the extraordinary happen .

Learn more about us at ncs.co and visit our LinkedIn career site.

The Security Consultant delivers penetration testing & offensive security projects to ensure a successful

outcome that at least meets or exceeds the expectations of our clients.

• The customer recognises you as a subject matter expert and they have confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
• The client has prepared the testing environment prior to the project start date so that the engagement is executed smoothly and without delay.
• Penetration testing projects are delivered efficiently and on schedule.
• The quality of the Penetration Testing Report by ensuring it has been peer reviewed and approved for release to the client.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

The successful candidate will be a part of the Airport Operations (Safety, Security & Compliance) (AOSCC) team, under the Customer Services & Operations Division.

Key Responsibilities include:

• Administration for AOSSC (Load Control)
  • Assist with email queries from stations and Centralised Load Control Centres (CLCs) on Load Control matters.
  • Maintain and update changes to Loading Instructions and Trim Chart as and when required.
  • Other duties as assigned.
• AOSSC (Load Control) Procedures and monitoring of Centralised Load Control Centres
  • Assist to review current CLC process to address gaps, reduce errors and improve efficiency.
  • Assist with Load Control related delays and incidents.
  • Perform annual audits on the CLCs based on SIA CLC Audit Checklist.
  • Conduct Load Controller Certifications for CLCs Load Controllers.
  • Updating of CLCs Load Controllers Loadsheet Certification in FM Altea.
• FM Altea (Load Control)
  • Assist with FM projects and initiatives.
  • Perform FM Altea UAT for Load Control projects and initiatives.
• Support Services
  • Provide Load Control Support for new stations.
• Initiate and/or conduct investigations for Aircraft Ground Incident Reports (AGIRs) and Hazard Reports (HZR) raised in ISMS (SIA Incident Management System)
  • Liaise with stations and CLCs to investigate aircraft ground incidents and hazards to determine their occurrence and to come up with preventive/mitigation measures.
  • Review HIRA annually for HO and guide stations on their annual HIRA review.

Requirements

• Diploma in any discipline.
• Experience in load control, airport and/or flight operations is preferred.

• 1 Grange Rd, Singapore 239693
• Full-time
• Department: H&M Group

H&M Brand is on an exciting journey to again become a truly customer focused company. In line with our Omni transformation, we want to achieve clear ownership, fuel our salesmanship, enable speed and build on our passion for the customer throughout the organisation.

You ensure business continuity by management of risks. Providing peace of mind, you manage and support your team to ensure the H&M Group is a place where employees and customers can feel safe. You drive the 5 security areas by influencing behavior through effective leadership in your local organization.

Key responsibilities

• Risk Management: Regular assessment, analysis, identification and evaluation of potential risk to minimize threat exposure. Implement and ensure compliance strategies are accordance to global brand policies, standards and local legislation.
• Health & Safety: Contribute and sustain a healthy and safe work environment throughout the business by ensuring company’s crisis management process are followed and taught; take preventive measures, recognize safety hazards and initiate actions to prevent incidents to our employee and customers.
• Asset Protection: You work proactively with H&M group technology and people, continuously looking for better ways of protection, planning and purchasing security services and product according to global project management and sourcing process. You have a good technical knowledge on all global and local security systems and manages inventory preparation with relevant departments.
• Loss Prevention: Follow up and analyze shrinkage results, main KPIs and initiate actions preventing loss and increasing profit. Implement and maintain Loss Prevention Strategy and investigate on frauds as needed. Ensure LP tools are used to their full potential.
• Information Security: Being advisor to your management on cyber security risk, ensuring compliance with Data Privacy, PCI DSS and information security.

• High performing manager with 2-3 years security and track leadership.
• Formal education with Business Admin Certification, and other security related certification (CPP, PSP, APP, PMP, etc).
• Great command of English both spoken and written, strong communication and presentation skills with ability to present to stakeholders and wider audience.
• Analytical, numbers and fact driven with strong knowledge on policies implementation and compliance.
• Strong organizational and prioritizing skills and competency with office 365 tools.

If you feel that your experience, skills and ambitions are a match, apply latest by 11th JULY 2021. We’re more about personality and competence than qualifications, so don’t worry if your skills aren’t a perfect match. This position is based in Singapore Support Office and is a Maternity Cover for 6 months.