- Information Technology
- Singapore - Singapore
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We use pragmatic approach to transform cyber security to enhance our business resilience to better manage potential cyber disruption. We invest new cyber security capabilities (technology, process, people) and leverage our strong cyber security ecosystems to tackle future threats.
The Information Security Compliance, Product & Manufacturing Security, Enterprise Security and Cyber Defence are the beating heart of Dyson’s Cyber Fusion Centre capabilities. They ensure the successful delivery of exciting new projects, existing toolsets remain effective & compliance, balancing of red & blue team capabilities, and Cyber Security incidents are managed timelty and efficiently.
The major focus of this role is to build and manage our global Threat and Vulnerability function, and ensuring that threat and vulnerability program are thoughtfully embedded in Dyson’s digital footprints across the globe. Your security solutions will be world class and will protect our most important assets – our customers and our intellectual property - whilst ensuring that our network, infrastructure systems, applications, information are securely protected. Your aim will be frictionless security, enabling the business to achieve their output and uptime goals through fit-for-purpose security solutions and a strong cyber security culture, whilst delighting the people who use our products.
Alongside the above, you'll also be responsible for the following:
- Providing leadership and being responsible for the development, implementation, communication, maintenance and governance of the cyber security strategy, technical architecture and roadmaps for Threat & Vulnerability services.
- Working as part of the Cyber Security leadership team, you will become the trusted adviser of Cyber Security expertise in your areas, pro-actively providing security leadership and guidance to business divisions, projects and 3rd parties.
- Becoming the trusted source of strategic cyber security expertise and pro-actively providing security leadership and guidance with regards to all technical aspects in Threat & Vulnerability domain.
- Developing, embedding and managing a world-class Threat & Vulnerability function, ensuring our Enterprise IT, Dyson business units, and our people operate within a well-defined and understood cyber security risk appetite, including regular monitoring, reporting and escalation of security events and potential risks.
- Responsible and accountable for gloal threat and vulnerability services, ensure fit for purpose security services are designed and implemented to support Dyson global network. Starting form asset discovery, vulnerability scanning, application security testing to threat intelligences mapping, offensive & crowdsource security, security analytics to better predict or detect security issues for early risk mitigation.
- Influencing a broad range of senior stakeholders in various teams across the business, including IT architects, developers and engineers, programme managers, and business data owners. Therefore, you will need to build rapport quickly and project confidence in your actions and recommendations. Throughout your tasks you will ensure your recommended solutions are cost effective, observe industry good practice, exhibit appropriate security governance, and that the technologies you choose are adequately implemented and secured to support the needs of the business.
- Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Dyson for handling sensitive data.
- Working under our Global Director – Enterprise Security & Cyber Defence to contribute effectively to our Cyber Security Governance Framework.
We seek applications from individuals with an exceptional track-record of building and running global Threat & Vulnerability management teams, encompassing a range of responsibilities including asset identification, vulnerability scan, application security testing, offensive security testing, bug bounty program, threat intelligence services, security analytics to effectively predict, detect and manage security weaknesses to drive early gap mitigations in order to reduce our exposure to cyber disruption.
Alongside this, you'll bring the following:
- A highly self-motivated individual with positive mindset & can-do attitude, and a strong believer of “Security as an enabler” to support business growth.
- Expert knowledge and hand-on implementation experience specific to Enterprise security (Network & Infrastructure Security, Application Security, Secure Cloud & Mobility (IaaS, PaaS, SaaS, CDN), Data/Database Security, etc.)
- Strong understanding of IT Security Controls (FW/IPS/IDS/DDOS, NGAV/EDR/MDR, Identifty Access Management, User Behaviour Analytics, Data Loss Prevention, Secure SDLC, Secure Cloud implementation, etc.)
- Practical knowledge of industry standard frameworks (ISO 2700x, NIST, ITIL, etc.), best practices (CIS, SANs, OWASP, CSA) and regulations (PCI DSS, GDPR, China CSL, etc).
- Expert knowledge of security tools, techniques and best practice within enterprise environments.
- Expert knowledge of current industry security threats, challenges and mitigation techniques.
- Expert knowledge of DevOps practices and embedding security in the software development life-cycle.
- Demonstrable experience of implementing Threat & Vulnerability and Security Analytics services in large organization.
- Demonstrable experience of supporting project teams with high and low-level security consultancy, design and delivery, with a wide-ranging understanding of security considerations across key technologies across market-leading solutions in Network, OS, SaaS applications, public cloud, etc.
- Demonstrable experience of developing strong partnerships across senior management teams within complex businesses, you'll possess the strength of character and conviction to make tough decisions when required.
- Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
- Ability to translate and distil complex technical information across all levels of the organisation as required for the audience.
- Ability to effectively develops and manages all defined communication channels and relationship management with diverse stakeholder groups.
- Ability to lead and manage a specialist based, high performing and multicultural team.Ability to think “out of box” to identify security weakness and use “security analytics” technique (e.g. visualization) to influence risk mitigation improvement.
Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.