IT Security Officer

The IT Security Officer (ITSO) is responsible for managing cybersecurity incidents, conducting vulnerability assessments, ensuring compliance with cybersecurity policies, and maintaining the security of network and IT assets. This role works closely with internal IT teams and external vendors to uphold the Agency’s cybersecurity posture and compliance requirements.

• Track, manage, and elevate cybersecurity incidents and critical security threat events to the Agency as required.
• Disseminate security advisories, threat intelligence reports, security directives, and patch recommendations promptly to the relevant stakeholders in the Agency.
• Conduct information security awareness training sessions to cultivate a security-conscious culture among staff.
• Lead or assist in conducting tabletop exercises and security risk management activities to enhance incident response readiness.

• Perform vulnerability scanning and security assessments on applications (client/server, mobile apps) deployed in the corporate networks using Tenable and Nessus.
• Analyze vulnerability scan results, recommend remediation actions, and track resolution status.
• Utilize Splunk or security tools for security event monitoring, log collection, and analysis of security incidents.
• Perform onboarding and vulnerability scanning of computing devices before connecting to the corporate network to ensure compliance with cyber hygiene standards.

• Conduct periodic security reviews and audits to ensure adherence to the Agency’s ICT and cybersecurity incident response plans.
• Perform security assessments of ICT systems, including detailed log analysis and reporting.
• Recommend and support implementation of security improvements based on audit findings and emerging threat landscapes.

• Manage, configure, and optimize security tools and platforms to ensure effective integration with the network and IT infrastructure.
• Implement, regularly update and maintain security policies, technical baselines, and standard operating procedures (SOPs) to protect the Agency’s IT environment.
• Monitor and ensure compliance with secure configuration standards across systems and devices.

• Maintain detailed and up-to-date documentation of security incidents, vulnerability assessments, security checklist, security controls, and related policies.
• Prepare and deliver regular reports on security performance metrics, incident trends, compliance status, and risk mitigation efforts.
• Ensure timely escalation and reporting of major and cyber risk incidents to management and relevant stakeholders.

• Work closely with other IT teams (e.g., Infrastructure, Application, Project teams) and external vendors to support, implement, and maintain security solutions.
• Provide security advisory and recommendations to support projects, system implementations, and procurement activities to ensure security-by-design principles are embedded.
• Collaborate with the Agency to align security practices with organizational cybersecurity strategies and compliance requirements.