Enggsol Pte Ltd

IT Security Officer (ITSO)

5-10 Years
  • Posted 7 hours ago

Job Description

The IT Security Officer (ITSO) is responsible for managing cybersecurity incidents, conducting vulnerability assessments, ensuring compliance with cybersecurity policies, and maintaining the security of network and IT assets. This role works closely with internal IT teams and external vendors to uphold the Agency's cybersecurity posture and compliance requirements.

Key Responsibilities

1. Cybersecurity Management

  • Track, manage, and escalate cybersecurity incidents and critical security threat events to the Agency as required.
  • Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the Agency.
  • Conduct information security awareness training sessions to cultivate a security-conscious culture among staff.
  • Lead or assist in conducting tabletop exercises and security risk management activities to enhance incident response readiness.

2. Security Product Management

  • Perform vulnerability scanning and security assessments on applications (client/server, mobile apps) deployed in the corporate networks using Tenable and Nessus.
  • Analyze vulnerability scan results, recommend remediation actions, and track resolution status.
  • Utilize Splunk or other security tools for security event monitoring, log collection, and analysis of security incidents.
  • Perform onboarding and vulnerability scanning of computing devices before connecting to the corporate network to ensure compliance with cyber hygiene standards.

3. Compliance and Reviews

  • Conduct periodic security reviews and audits to ensure adherence to the Agency's ICT and cybersecurity incident response plans.
  • Perform security assessments of ICT systems, including detailed log analysis and reporting.
  • Recommend and support implementation of security improvements based on audit findings and emerging threat landscapes.

4. Network and Security Integration

  • Manage, configure, and optimize security tools and platforms to ensure effective integration with the network and IT infrastructure.
  • Implement, regularly update, and maintain security policies, technical baselines, and standard operating procedures (SOPs) to protect the Agency's IT environment.
  • Monitor and ensure compliance with secure configuration standards across systems and devices.

5. Documentation and Reporting

  • Maintain detailed and up-to-date documentation of security incidents, vulnerability assessments, security checklists, security controls, and related policies.
  • Prepare and deliver regular reports on security performance metrics, incident trends, compliance status, and risk mitigation efforts.
  • Ensure timely escalation and reporting of major and cyber risk incidents to management and relevant stakeholders.

6. Collaboration and Advisory

  • Work closely with other IT teams (e.g., Infrastructure, Application, Project teams) and external vendors to support, implement, and maintain security solutions.
  • Provide security advisory and recommendations to support projects, system implementations, and procurement activities to ensure security-by-design principles are embedded.
  • Collaborate with the Agency to align security practices with organizational cybersecurity strategies and compliance requirements.

7. Project Specific

The candidate should possess in-depth knowledge and hands-on experience in the following core areas:

(a) Information Security Governance (Core):

(i) Knowledge of information security policies, standards, and procedures

(ii) Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR, HIPAA)

(iii) Conducting regular risk assessments and managing the organisation's risk register

(iv) IM8 Policy for On-Prem Infrastructure Security

(b) Security Architecture:

(i) Knowledge of zero-trust security models and micro-segmentation

(ii) Knowledge of secure cloud architectures and cloud security best practices

(c) Identity and Access Management (IAM):

(i) Managing IAM solutions

(ii) Experience with multi-factor authentication (MFA) and single sign-on (SSO) technologies

(iii) Proficient in privileged access management (PAM) strategies

(d) Threat Detection and Response (Core):

(i) Managing Security Information and Event Management (SIEM) systems

(ii) Experience with Endpoint Detection and Response (EDR) solutions

(iii) Developing and maintaining incident response plans and procedures

(e) Vulnerability Management (Core):

(i) Conducting regular vulnerability assessments and penetration testing

(ii) Managing the patch management process across the organisation

(iii) Experience with vulnerability scanning tools and remediation strategies

(f) Data Protection (Core):

(i) Knowledge of data loss prevention (DLP) strategies

(ii) Experience with encryption technologies for data at rest and in transit

(iii) Knowledge of data classification and handling procedures

(g) Compliance and Auditing (Core):

(i) Ensuring compliance with relevant industry standards and regulations

(ii) Conducting internal security audits and supporting external audits

(iii) Preparing and maintaining security-related documentation for compliance purposes

(h) Third-Party Risk Management:

(i) Assessing and managing security risks associated with vendors and third-party service providers

(ii) Developing and enforcing security requirements for third-party contracts

(i) Operational Technology (OT) Security:

(i) Understanding of OT security principles and challenges

(ii) Experience securing industrial control systems (ICS) and SCADA environments

(j) Contract Management

(k) Change Management or Service Request Management

(l) Problem or Incident Management

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
  • Professional certifications such as CISSP, CISM, GIAC, or equivalent would be advantageous.
  • 10 years of experience maintaining comprehensive information security programs for enterprise environments, with overall responsibility for managing and coordinating the performance and delivery of the services in the contract.

Technical Skills

  • Hands-on experience with security tools such as Tenable, Nessus, and Splunk.
  • Solid understanding of vulnerability management, threat analysis, and incident response processes.
  • Knowledge of secure network design, endpoint security, and system hardening techniques.
  • Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices.

Other Skills

  • Strong analytical and problem-solving skills with attention to detail.
  • Effective communication skills, both written and verbal, with the ability to clearly articulate security risks and recommendations.
  • Ability to work independently with minimal supervision and collaboratively within a team in a dynamic and fast-paced environment.
  • Proactive mindset with a continuous improvement attitude towards cybersecurity operations.

Job ID: 144550911
