The IT Security Officer (ITSO) is responsible for developing,implementing, and maintaining the organisation's cybersecurity framework,ensuring compliance with security policies, and safeguarding information assets. This role oversees security operations, risk assessments, incidentresponse, access control, and compliance with regulatory and industry standards. The ITSO works closely with internal departments and external partners to ensure a secure digital environment.
Key Responsibilities
A. Security Governance & Compliance
- Develop, review, and enforce IT security policies, standards, and procedures.
- Maintain compliance with regulatory requirements
- Conduct periodic security audits, vulnerability assessments, and compliance checks.
- Prepare documentation, reports, and evidence for internal and external audits.
- Lead awareness programs to promote cybersecurity culture across the organisation.
B. Security Operations & Monitoring
- Monitor security events, alerts, and logs using SIEM, EDR, and other monitoring tools.
- Conduct threat analysis and respond to suspicious activities.
- Manage user access rights, privileged accounts, and identity lifecycle.
- Oversee endpoint protection, patch management, and secure configurations.
- Perform regular reviews of firewall, network, and application security.
C. Incident Response & Recovery
- Lead cybersecurity incident investigations, triage, containment, and recovery.
- Maintain and improve the Incident Response Plan (IRP) and Disaster Recovery (DR) procedures.
- Conduct post‑incident reviews and recommend preventive measures.
- Coordinate with external cybersecurity vendors and authorities when required.
D. Risk Management
- Perform IT risk assessments and maintain the IT risk register.
- Identify security gaps, evaluate vulnerabilities, and recommend mitigation strategies.
- Assess security posture of third‑party vendors and systems.
- Provide security input for new IT projects, system changes, and application rollouts.
E. Project & Advisory Support
- Work with IT teams to ensure secure architecture and configurations.
- Review business requirements for security implications.
- Support IT projects with security design, testing, and validation.
- Participate in procurement processes to evaluate security technologies and solutions.
Qualifications & Requirements
Education
- Bachelor's degree in Information Security, Computer Science, IT, or related field.
- Equivalent experience will be considered.
Professional Certifications (Preferred/Optional)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- GIAC Certified Incident Handler (GCIH).
Skills
- Proven experience in IT security, with a focus on infrastructure security
- Strong understanding of information security principles, best practices, and relevant regulations
- Experience with a range of security tools and technologies
- Familiarity with forensic investigation techniques and tools
- Excellent analytical and problem-solving skills
- Strong written and verbal communication skills
- Ability to work effectively both independently and in a team environment
- Experience in liaising with external partners and suppliers on security matters
Working Location : Central
..We regret to inform that only shortlisted candidates will be notified. Personal data collected will be used for recruitment purposes..
