We are seeking an experienced IT Security Officer (ITSO) to focused on Governance, Risk, and Compliance (GRC) across both end-user computing, on-premises and cloud environments. ITSO acts as a subject matter expert who ensures that systems and procedures are align with the Customer's policies and standards.
Experience & Qualifications:
- min 5 yrs of experience as a ITSO
- min 5 yrs of experience in one or more of the following domains: Network security design, applications secure development, cryptography, secure mobility management, cloud hosting design and implementation, DevSecOps, etc.
- min 5 yrs of experience in working with cross-functional, multi-disciplinary teams or contractors to formulate and security policies, standards, procedures and configurations
- Proficient with tools like Tenable, Nessus, and Splunk.
- Familiar with cloud security platforms (e.g., AWS Security Hub, Microsoft Defender/Sentinel for Cloud).
- Understand cybersecurity investigation processes and vulnerability assessment/penetration testing (VAPT).
- Government sector experience, healthcare industry knowledge, and digital transformation background would be advantageous.
- Possessing security certifications such as SANS GCIH, CISSP, CISM, CISA and Azure or AWS cloud service security specialty is an added advantage.
Key Responsibilities
- Develop cybersecurity Standards and Policies: Develop and maintain cybersecurity standards, procedures, configurations or rulesets for the systems and services based on industrial best practices and client compliance. Perform risk assessments on system deviations and new project functionalities.
- Compliance & Hardening: Conduct system hardening checks and exercises based on benchmark and perform security reviews to ensure remediation of audit findings, which may include table-top or simulation exercises.
- Security Monitoring Support: Monitor and respond to security Requests for Information (RFI)/alerts/incidents (e.g., Indicators-Of-Compromise (IOC) scanning, phishing, malware, and endpoint alerts), including coordination with various system or service operators, identifying potential threats and performing basic triaging prior to escalation to next level security responder and updates to stakeholders.
- Vulnerability and Penetration Test Management: Perform vulnerability assessment or system penetration test activities using automated and manual tools with recommendation for actionable remediation controls. Understand the published vulnerabilities with their respective security patches with context to the deployed system and perform risk assessment onto them.
- On-Premise and Cloud Security Governance: Monitor and notify security patches releases for the various environment (End-User computing, On-Premise Office Networking, GCC, GCC+). Involve in the security patch assessment rating based on standards like Common Vulnerability Scoring System (CVSS) as well as with the context of the deployed environment.
- Audit Coordination and Management: Act as the primary interface for internal and external auditors. You will coordinate the Request for Information (RFI) process, ensuring that evidence is collected and provided promptly.
- Stakeholder Engagement: Act as a bridge between technical teams and management. This includes presentation or reporting on the vulnerability scanning results, security testing results, security incident or security posture of systems and conducting security awareness training for users.
