System Security and Compliance: The team will conduct security reviews, system hardening checks and conducting risk assessment based on deviations to hardening requirements. The team will also create client's hardening baselines using available benchmarks. Responsibilities include create, review and maintain Standard Operation Procedures (SOPs), planning and scheduling annual reviews of security hardening documents, performing compliance reviews, and ensuring remediation of findings.
Management and responding to security alerts: Monitoring phishing alerts and communicating with staff regarding malicious emails, supporting audit activities, vulnerability scans, and penetration tests. Communicating and following SOP to perform malware scans on endpoints with anti-virus alerts.
Technical Support and Governance: The role involves providing vulnerability monitoring and recommending and implementing mitigation actions to system Officers-in-Charge and infrastructure teams. The team will also provide security advice or proposals on security measures for new projects and functionalities and monitor governance compliance tools, such as Cloudscape. The team will also provide their risk-based assessments to priorities rectification of alerts. The Team is also expected to manage and update into the governance compliance tools with the relevant information to suppress the affected findings when approval is sought. The team will respond to auditors RFI on security monitoring.
Reporting and Training: Monthly reports to summaries the progress of tasks and to flag outstanding non-remediated issues/alerts across the key security domains will be compiled collaboratively by the team and presented to the Board's Cybersecurity team. The team will coordinate monthly IT security awareness training and briefings for users to enhance organizational security posture, with team members contributing their specialized expertise to deliver comprehensive training programs.
Qualifications:
Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field
Minimally an Internationally recognized security certifications such as CISSP, CISM, CRISC, or CISA (required)
Minimum of 2 years proven experience in Cloud Cybersecurity
Hands-on experience in security assessments and vulnerability management across cloud and on-prem environments, particularly GCC
Familiarity with security platforms including Azure Log Analytics, AWS CloudWatch, AWS Security Hub (CSPM), and Microsoft Defender for Cloud
Strong analytical and problem-solving skills for resolving security-related issues
Excellent written and spoken English communication skills to collaborate effectively with team members, Officers-in-Charge, infrastructure teams, and external vendors.
Strong collaborative skills are essential to ensure seamless coordination between the specialized roles whilst maintaining comprehensive security coverage.
