Company:
Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software.
With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations.
We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.
Description:
For this project, we are forming a team of 6 (including 1 team lead) to perform the following scope of works:
Security Risk Assessment
Security Policies, Standards, Guidelines, And Procedures Review
Security Design
Application Security
Vulnerability assessment
System Security Acceptance Testing
Cloud Security
We are seeking a highly skilled and experienced Team Lead to join our dynamic team.
The ideal candidate will possess deep technical knowledge, strong leadership skills, and a proven track record in managing cybersecurity projects.
Responsibilities:
Lead and oversee the execution of comprehensive security risk assessments across a wide range of environments, including on-premise, cloud (AWS, Azure), DevOps, IoT, and third-party ecosystems
Drive and review complex vulnerability assessments, ensuring thorough analysis of findings, prioritization of risks, and development of actionable mitigation strategies
Lead the design and review of enterprise security policies, standards, and procedures, ensuring alignment with organizational goals and compliance with regulatory frameworks (e.g., NIST, ISO 27001, CSA, MAS)
Guide and mentor team members in application security activities including secure code reviews, threat modeling (e.g., STRIDE, PASTA), architecture reviews, and secure SDLC integration
Provide technical leadership in cloud security architecture reviews, including cloud configuration audits, IAM analysis, encryption practices, and hybrid cloud governance
Oversee System Security Acceptance Testing (SSAT) activities, define security test strategies, validate controls, and ensure secure integration of systems before go-live
Manage the development and communication of risk reports and executive summaries, ensuring findings are clearly articulated, business-aligned, and actionable
Act as the primary point of contact for clients and internal stakeholders, ensuring timely delivery of cybersecurity engagements, maintaining high quality and client satisfaction
Provide thought leadership across all six cybersecurity domains and stay up to date with emerging threats, tools, and frameworks to continually improve the team's capabilities
Coach, mentor, and develop junior team members, fostering a collaborative and technically strong team culture
Qualifications:
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (Master’s degree is a plus)
Professional certifications such as CISSP, CISM, OSCP, CCSP, CISA, or equivalent are strongly preferred
Minimum 5–8 years of experience in cybersecurity consulting with demonstrated leadership in risk assessment, application security, cloud security, policy & compliance, security by design, and vulnerability management
Proven experience working in and securing cloud environments (AWS, Azure, GCP), with a solid understanding of native tools and best practices
Strong hands-on experience in threat modelling methodologies (e.g., STRIDE, PASTA) and security testing in CI/CD environments
Deep knowledge of relevant regulatory frameworks and standards (e.g., NIST 800-series, ISO 27001, CIS Controls, MAS TRM)
Demonstrated project and people leadership experience, with the ability to lead multiple engagements simultaneously
Strong stakeholder engagement, client management, and executive communication skills
Ability to think strategically, lead technically, and drive high-impact outcomes in dynamic environment
Benefits:
Regular team buildings
18 leave days / year
Insurance, GP, Dental, Optical
Annual bonus
Working hours: from 8:30am to 6pm, Monday to Friday
Training and certifications paths
#J-18808-Ljbffr