Senior Information Technology Security Officer

Key Responsibilities

Cybersecurity Standards & Policy Development: Design, implement, and maintain cybersecurity standards, procedures, configurations, and rulesets for systems and services in line with industry best practices and IM8 requirements. Conduct risk assessments for system deviations and newly introduced functionalities.

Compliance & System Hardening: Perform system hardening assessments aligned with CIS Benchmarks and IM8 controls. Carry out security reviews to validate remediation of audit findings, including facilitating table-top or simulated security exercises where required.

Security Monitoring & Incident Support: Monitor, analyse, and respond to security-related RFIs, alerts, and incidents (e.g. IOC scans, phishing attempts, malware detections, endpoint alerts). Coordinate with system and service operators, conduct initial threat triage, escalate incidents appropriately, and provide timely updates to stakeholders.

Vulnerability & Penetration Testing Management: Execute vulnerability assessments and penetration testing using both automated and manual tools, and recommend actionable remediation measures. Assess published vulnerabilities and associated patches within the context of deployed environments, and perform risk evaluations accordingly.

On-Premise & Cloud Security Governance: Track and communicate security patch releases across end-user computing, on-premise office networks, GCC, and GCC+ environments. Participate in patch risk assessment and prioritisation using frameworks such as CVSS, factoring in operational and environmental context.

Audit Coordination & Management: Serve as the primary point of contact for internal and external audits. Manage the RFI process and ensure accurate, complete, and timely submission of audit evidence.

Stakeholder Engagement & Reporting: Bridge technical teams and management through clear communication, reporting, and presentations on vulnerability findings, security testing outcomes, incidents, and overall security posture. Conduct security awareness training for end users where necessary.

What We Are Looking For

Experience & Qualifications

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline, with a minimum of 5 years of relevant experience.

Hands-on experience in one or more of the following areas: network security architecture, secure application development, cryptography, secure mobility management, cloud infrastructure design and implementation, DevSecOps, or similar domains.

Proven experience collaborating with cross-functional and multi-disciplinary teams or vendors to develop and enforce security policies, standards, procedures, and configurations.

Professional security certifications such as SANS GCIH, CISSP, CISM, CISA, or AWS/Azure security specialisations are advantageous.

Technical Skills

Proficient in security tools such as Tenable, Nessus, and Splunk.

Familiar with cloud security platforms including AWS Security Hub and Microsoft Defender / Sentinel for Cloud.

Solid understanding of cybersecurity investigation workflows and vulnerability assessment and penetration testing (VAPT) methodologies.

Personal Attributes

Strong interpersonal and stakeholder-management skills, with the ability to present effectively to both technical and non-technical audiences.

Able to produce clear, concise, and context-appropriate written documentation and reports.

Good to Have

Experience in the public sector, exposure to the healthcare industry, and/or involvement in digital transformation initiatives will be an added advantage.