IT Security Officer

Key Responsibilities:

• Develop cybersecurity Standards and Policies: 

Develop and maintain cybersecurity standards, procedures, configurations or rulesets for the systems and services based on industrial best practices and IM8 compliance. Perform risk assessments on system deviations and new project functionalities.

• Compliance & Hardening: 

Conduct system hardening checks and exercises based on CIS Benchmarks/IM8 and perform security reviews to ensure remediation of audit findings, which may include table-top or simulation exercises.

• Security Monitoring Support: 

Monitor and respond to security Requests for Information (RFI)/alerts/incidents (e.g., Indicators-Of-Compromise (IOC) scanning, phishing, malware, and endpoint alerts), including coordination with various system or service operators, identifying potential threats and performing basic triaging prior to escalation to next level security responder and updates to stakeholders.

• Vulnerability and Penetration Test Management: 

Perform vulnerability assessment or system penetration test activities using automated and manual tools with recommendation for actionable remediation controls. Understand the published vulnerabilities with their respective security patches with context to the deployed system and perform risk assessment onto them.

• On-Premise and Cloud Security Governance: 

Monitor and notify security patches releases for the various environment (End-User computing, On-Premise Office Networking, GCC, GCC+). Involve in the security patch assessment rating based on standards like Common Vulnerability Scoring System (CVSS) as well as with the context of the deployed environment.

• Audit Coordination and Management: 

Act as the primary interface for internal and external auditors (e.g., AGO or internal clients audit teams). You will coordinate the Request for Information (RFI) process, ensuring that evidence is collected and provided promptly.

• Stakeholder Engagement: 

Act as a bridge between technical teams and management. This includes presentation or reporting on the vulnerability scanning results, security testing results, security incident or security posture of systems and conducting security awareness training for users.

Experience & Qualifications:

• Bachelors degree in Computer Science, IT, Cybersecurity, or related field, with 5+ years relevant experience.

• Experience in one or more domains: network security, secure application development, cryptography, cloud security, secure mobility, and DevSecOps.

• Proven ability to work with cross-functional teams and vendors to develop and implement security policies, standards, and controls.

• Security certifications (GCIH, CISSP, CISM, CISA, AWS/Azure Security) are a plus.

Technical Skills

• Hands-on with Tenable, Nessus, Splunk.

• Familiar with cloud security platforms (AWS Security Hub, Microsoft Defender/Sentinel for Cloud).

• Knowledge of cybersecurity investigations, vulnerability management, and VAPT.

Soft Skills & Advantage

• Strong stakeholder, communication, and documentation skills.

• Government, healthcare, or digital transformation experience is an advantage.