IT Security Officer (ITSO) - Cloud Security & Governance

About the Role & Team

We are building a specialized team of IT Security Officers (ITSOs) to serve as critical liaisons and subject matter experts. You will provide comprehensive security support to system managers and our Board's Cybersecurity team, ensuring robust protection across our hybrid hosting environments (On-premise, GDC, GCC, GCC+, etc.).

We operate on a distributed responsibility model. Team members will specialize in key domains-such as security monitoring, system compliance, and technical governance-while collaborating closely to ensure seamless, organization-wide security oversight. Your work will directly impact our security posture through hands-on management, proactive risk assessment, and clear stakeholder communication.

Your Key Responsibilities

You will be entrusted with a blend of technical, operational, and governance duties. Responsibilities will be distributed within the team based on expertise, encompassing the following core areas:

• Security Compliance & Hardening (30%)

  • Conduct security reviews, system hardening checks, and risk assessments based on deviations from established benchmarks (e.g., CIS Benchmarks).

  • Develop, review, and maintain PUB's security hardening baselines and Standard Operating Procedures (SOPs).

  • Plan and execute annual reviews of security documents and perform compliance reviews to ensure timely remediation of findings.

• Cloud Security Posture Management (CSPM) & Alert Governance (30%)

  • Collaborate with cloud security engineers to manage findings from CSPM tools (e.g., Cloudscape).

  • Perform routine triage and assessment of CSPM alerts, using provided GenAI tools to validate findings and distinguish false positives.

  • Proactively follow up with System Officers-in-Charge and infrastructure teams to drive remediation, maintaining a detailed tracking system for all issues.

  • Manage alert suppressions within governance tools, monitoring expiry dates and ensuring ongoing validity.

• Security Operations & Technical Advisory (25%)

  • Monitor and respond to security alerts (phishing, malware/anti-virus) according to SOPs.

  • Provide vulnerability monitoring, analysis, and actionable mitigation recommendations.

  • Offer security consultancy for new projects and functionalities.

  • Support audit activities, vulnerability scans, penetration tests, and respond to auditors requests for information (RFI).

• Reporting, Training & Collaboration (15%)

  • Compile and present comprehensive monthly reports on task progress and outstanding security issues.

  • Coordinate and contribute to monthly IT security awareness training and briefings for staff.

  • Foster strong collaborative relationships with the Cybersecurity team, system owners, infrastructure teams, and vendors.

To Be Successful, You Must Have:

We are looking for candidates who are proactive advisors, not just technical analysts. Your application will be considered if you meet all of the following mandatory criteria:

1. Certification: A minimum of one internationally recognized security certification from the following: CISSP, CISM, CRISC, or CISA.

2. Experience: At least 2 years of proven, hands-on experience in Cloud cybersecurity, specifically in security assessment and vulnerability management within GCC (Government on Commercial Cloud) or equivalent regulated cloud environments.

3. Education: A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a closely related field.

4. Skills: Demonstrated strong analytical and problem-solving skills with excellent communication skills in English (both spoken and written), essential for effective collaboration and reporting.

Your Application & Our Process

To ensure a precise fit and respect your time, please apply only if you meet all four Must Have criteria above.