Overview
The ITSO team will divide responsibilities across key security domains to ensure comprehensive coverage. The team will report directly to the Board’s Cybersecurity Team, focusing on specialised areas such as security monitoring, system security, compliance activities, technical support, risk assessments, and governance functions. This distribution ensures specialised expertise while maintaining collaborative oversight across all security functions.
Responsibilities
- System Security and Compliance: conduct security reviews, system hardening checks, risk assessments based on deviations from hardening requirements, create PUB hardening baselines, review and maintain SOPs, plan and schedule annual reviews of security hardening documents, perform compliance reviews, and ensure remediation of findings.
- Management and Responding to Security Alerts: monitor phishing alerts, communicate with staff regarding malicious emails, support audit activities, perform vulnerability scans and penetration tests, perform malware scans on endpoints with anti‑virus alerts, work with cloud security engineers to follow up on findings identified in CSPM and the Government in‑house CSPM tool, review findings flagged by CSPM tools, monitor suppression expiry, follow up with system Officers‑in‑Charge and infrastructure teams, maintain a tracking system for remediation status, and assess security recommendations using the GenAI tool.
- Technical Support and Governance: provide vulnerability monitoring, recommend and implement mitigation actions, provide security advice or proposals for new projects and functionalities, monitor governance compliance tools such as Cloudscape, provide risk‑based assessments to prioritise rectification of alerts, manage and update governance compliance tools, and respond to auditors’ RFI on security monitoring.
- Reporting and Training: compile monthly reports summarising task progress and flag outstanding non‑remediated issues/alerts, present reports to the Board’s Cybersecurity Team, coordinate monthly IT security awareness training and briefings for users, and deliver training programmes with specialised expertise.
Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Internationally recognised security certifications such as CISSP, CISM, CRISC, or CISA.
- Minimum of 2 years of experience in cloud cybersecurity, including security assessment and vulnerability management within cloud and on‑prem environments, particularly GCC.
- Familiarity with security platforms such as Azure Log Analytics, AWS CloudWatch, AWS Security Hub CSPM, and Microsoft Defender for Cloud.
- Strong analytical and problem‑solving skills, with excellent spoken and written English communication skills to effectively collaborate with team members, system Officers‑in‑Charge, infrastructure teams, and external vendors.