Senior Analyst, Vulnerability & Cyber Risk Management

WE TAKE YOU ABOVE BEYOND

Take your passion to the next level and work alongside other masters of their craft to build a fulfilling and rewarding career at Marina Bay Sands.

Job Responsibilities

Vulnerability Management

• Operate and mature the enterprise vulnerability management program across on‑premises, hybrid, cloud, and OT environments, defining governance, accountability models, and end‑to‑end processes that are scalable, auditable, and resilient to personnel change.
• Lead the modernization of vulnerability detection and analysis by advancing from traditional scanning approaches toward agent‑enabled and AI‑assisted techniques, while maintaining effective coverage in legacy and operationally constrained environments.
• Design and institutionalize risk‑based prioritization and remediation workflows that integrate technical severity, exploitability, threat intelligence, asset criticality, exposure, and business impact, with clear escalation and exception paths.
• Partner with infrastructure, cloud, application, and OT stakeholders to define baseline security and hardening expectations, remediation standards, and validated compensating controls aligned to operational realities and jurisdictional requirements.
• Establish durable metrics, reporting, and evidence standards that demonstrate coverage, remediation performance, aging exposure, and measurable risk reduction to support governance, audits, and executive decision making.

Cyber Risk Management

• Operate and evolve the cyber risk management framework, including methodology, governance, documentation, and decision criteria, enabling consistent, defensible, and repeatable risk outcomes across systems and jurisdictions.
• Overhaul and standardize the risk exception and risk acceptance process, defining approval authorities, time‑bound renewals, closure evidence requirements, and alignment to global security expectations and local regulatory obligations.
• Review and assess proposed remediations and compensating controls to determine whether they sufficiently address documented cyber risks, evaluating control design, scope, and effectiveness against the stated risk scenario, and providing clear sufficiency assessments and recommendations to support senior leadership decisions.
• Define and validate compensating control strategies where remediation is not feasible, ensuring controls are appropriate to the risk, measurable in effectiveness, clearly owned, and time‑bound.
• Maintain decision‑ready risk artifacts such as risk registers, treatment plans, exception records, and assessment outputs, with clear lifecycle management and accountability.

Automation Engineering and Process Improvement

• Design, build, and continuously improve scalable automation and workflow systems that underpin vulnerability management and cyber risk management, ensuring processes are durable, auditable, and independent of individual contributors or specific tools.
• Engineer automated intake, enrichment, prioritization, tracking, validation, and closure workflows for vulnerabilities and risks using APIs, data correlation, and event‑driven logic to minimize manual effort and operational friction.
• Develop risk‑ and vulnerability‑focused data models that correlate findings, asset context, exploitability signals, threat intelligence, ownership, and business impact into actionable, priority‑driven work queues.
• Build and maintain (both within existing technology and aggregated across technologies) metrics, dashboards, and reporting pipelines that measure coverage, remediation velocity, SLA adherence, exposure windows, and realized risk reduction, producing evidence suitable for audits and governance reviews.
• Drive continuous improvement through process retrospectives, root cause analysis, control effectiveness reviews, and refinement of automation, documentation, and operating models.

Job Requirements

Education and Certification

• Degree or diploma in cyber security, information technology, computer science, engineering, or a related discipline; OR
• Two years of hands‑on cyber security experience in the domains listed below, in addition to the experience requirements

Experience

• Four to eight years of experience across vulnerability management and cyber risk management, including hands‑on ownership of program operations and stakeholder outcomes
• Demonstrated experience modernizing security programs through process redesign, automation engineering, and measurement

Additional experience in one or more of the following is strongly preferred:

• Cyber governance, risk, verification, or compliance
• Security validation, control testing, penetration testing intake, or remediation coordination
• Security architecture and compensating control design
• Policy development, audit management, standards development, or control framework mapping
• Design and implementation of automation for security engineering and security operations

​Other Prerequisites

• Strong understanding of cyber security risk concepts, including inherent risk, residual risk, risk acceptance, control effectiveness, and treatment options
• Strong understanding of vulnerability management across traditional on‑premises infrastructure, endpoints, network devices, identity systems, cloud IaaS and PaaS services, and OT environments
• Strong process design and engineering skills, including SOP creation, RACI definition, workflow design, evidence standards, metrics, reporting, and continuous improvement
• Working knowledge of application of risk and vulnerability prioritization approaches that integrate severity, exploitability, threat intelligence, known exploitation, asset criticality, exposure, and business context
• Working knowledge of enterprise operational functions such as change management, patching lifecycles, configuration management, incident response, investigation triage, and production stability constraints

Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.