Senior Cybersecurity Engineer

Thomson Medical is in the midst of an exciting transformation, where new ways of working, systems and processes are re-shaping.

If you do not want to miss out this excitement and believe in our purpose in empowering life journeys by caring for generations of women, children and families, we invite you to apply for the following opportunity with us!

The role leads security monitoring, vulnerability management, and incident response, and supports governance, risk assessments, audits, and regulatory compliance by ensuring policies, controls, and evidence are properly maintained.

• Lead and conduct security awareness training, including training sessions, phishing simulations, surveys, and quizzes, to promote secure behaviors and adherence to security policies and procedures.
• Perform enterprise‑wide IT security risk assessments, identify exploitable weaknesses, and drive the remediation or risk treatment of findings to protect infrastructure, applications, and sensitive data.
• Plan, manage, and oversee vulnerability assessments, penetration testing, and security audits, including coordination with internal teams and external vendors, and track remediation to closure.
• Develop, maintain, and enforce security frameworks, policies, standards, procedures, and technical guidelines in alignment with regulatory, audit, and organizational governance requirements.
• Monitor security tools and platforms to detect intrusions, suspicious activities, and abnormal behavior; promptly isolate, block, and eliminate unauthorized access or threats.
• Lead security incident response, including escalation, investigation, containment, root‑cause analysis, and remediation, and produce clear post‑incident and audit‑ready reports.
• Stay current with emerging threats, vulnerabilities, and attack techniques, and proactively research, recommend, and implement appropriate mitigation measures.
• Provide security advisory and technical guidance to infrastructure, application, and business teams to ensure security is embedded into system design and operations.
• Support governance, compliance, and regulatory assessments by maintaining accurate security documentation, evidence, metrics, and risk registers.
• Coordinate and manage IT security audit activities, including internal, external, and regulatory audits, ensuring timely preparation and submission of required documentation and evidence.
• Liaise with auditors and relevant stakeholders, addressing audit queries, tracking findings, and driving remediation actions to closure in accordance with governance and compliance requirements.

• A recognized diploma or degree in CyberSecurity, Computer Science, IT or related field
• Minimum 3 years experience in IT Security role
• Good knowledge on security frameworks (e.g ISO/IEC 27001, NIST Cybersecurity framework), risk management methodologies and latest top 10 OWASP vulnerabilities
• CRISC, CISM and CISSP preferred
• Strong hands‑on knowledge of cybersecurity technologies, including EDR and NDR solutions, firewalls, vulnerability scanning tools (e.g. Nessus), email security, DLP, Microsoft Purview, IPS, web security controls, endpoint security, and secure network protocols.
• A strong team player with the ability to collaborate effectively across technical teams and stakeholders

If you do not possess the above experience, your application will still be considered on individual merits and you may be contacted for other opportunities

By submitting your personal data and/or resume, you give consent to the collection, use and disclosure of your personal data and/or resume by the company (or its agent) for the purpose of the processing and administration by company relating to this job application.

We regret to inform that only shortlisted candidates would be notified.