
Principal Engineer, Cybersecurity GRC

Date: 16 Jan 2026

Location: SG

Company: StarHub Ltd

Job Description


As a Principal Engineer (GRC), you will execute and own day‑to‑day cybersecurity governance, risk and compliance activities across StarHub’s business units. You will ensure our digital assets and projects comply with internal security policies and Singapore telco regulatory obligations (e.g., IMDA, CSA, TCS, BCS, CCoPv2) while uplifting our detection and response capabilities. You will collaborate with internal teams, our MSSP, and external consultants to deliver security reviews, exercises, and remediation on time and to a high standard.


Key Responsibilities:

1) Regulatory Compliance & Governance (Execution)

- Maintain Cybersecurity Management (CSM) documentation and contribute to 5G policy development to align with regulatory obligations and deadlines.
- Plan and execute—together with appointed consultants and internal stakeholders—the following annual/biennial activities, including drafting and socialising reports and tracking remediation to closure:
  - Bi‑Annual Host Configuration Reviews for CII and CII‑supporting assets
  - Annual Table‑Top Exercises (TTX) across major stakeholders
  - Biennial external audits with auditors and key business units
- Maintain audit‑ready artefacts and ensure submissions meet expected timelines and quality.

2) Security Engineering & Operations

- Partner with the MSSP and platform owners to ensure comprehensive 24×7 log ingestion and monitoring coverage; onboard new log sources and use cases.
- Tune SIEM/SOAR detections and playbooks; develop runbooks to reduce mean time to detect/respond.
- Track and drive vulnerability remediation for assigned systems; ensure adherence to SLA (e.g., critical within 14 days) and report status to stakeholders.
- Support incident response (IR): triage, containment coordination, evidence preservation, and post‑incident reviews; facilitate lessons learned and control improvements.
- Develop or enhance automation (e.g., scripts/dashboards) for evidence collection, risk tracking, and compliance reporting.

3) Risk Management & Assurance

- Perform risk assessments and threat modelling for new/changed business solutions; define security requirements and validate they are tested before go‑live.
- Maintain accurate risk register entries for owned domains; ensure risks have clear owners, treatments, and review cadences.
- Evaluate new security solutions/approaches and contribute to policies, standards, and guidelines.

Qualifications


Requirements:

Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, or related field.

5–8 years’ hands‑on experience in cybersecurity engineering and/or GRC within a telco or similarly regulated environment.

Familiarity with Singapore regulatory landscape (IMDA, CSA, CII requirements) and enterprise frameworks (e.g., NIST CSF, ISO/IEC 27001).

Demonstrated experience in one or more of: identity & access management (RBAC, MFA, PAM), cryptographic controls, vulnerability management, firewall policy reviews, log analysis, packet/stream analysis, SIEM/SOAR tuning, and incident handling.

Strong written and verbal communication skills; ability to prepare reports for technical and senior, non‑technical stakeholders.

Able to participate in on‑call/after‑hours support during critical cybersecurity incidents.

Preferred Certifications (nice‑to‑have): GCIH, GCFA, CISA, CISSP (or equivalent).
