A security solutions provider based in Gauteng is seeking an experienced Security & Risk Manager to oversee risk assessments, develop IT security protocols, and manage incident response efforts. The ideal candidate will have over 5 years of experience in both physical and IT security, along with relevant certifications. The role requires strong analytical skills and the ability to communicate effectively across teams.
The Security & Risk Manager is responsible for identifying, evaluating, and mitigating security risks across the organization, with a dual focus on physical asset protection and IT security within the company's operations. This role ensures the integrity and safety of deployed systems, critical infrastructure, and company information systems. The role spans physical security, cybersecurity, regulatory compliance, and incident response.
Key Responsibilities:
1. Security & Risk Management
· Conduct comprehensive security and risk assessments of internal systems and controls, as well as risks associated with external contractors.
· Identify and mitigate threats such as equipment theft, vandalism, environmental hazards, and unauthorized access.
· Develop security frameworks, systems and controls that meet all customer requirements in order to mitigate both internal and external threats and risks.
· Maintain and regularly update the organization's risk register and mitigation plans.
2. IT & Cybersecurity
· Lead the development and enforcement of IT security policies, protocols, and standards across the company.
· Ensure the protection of critical business systems, field equipment telemetry, and remote monitoring platforms.
· Collaborate with the IT team to implement firewalls, endpoint protection, encryption, and secure access controls.
· Conduct regular cybersecurity risk assessments, vulnerability scans, and penetration testing.
· Oversee compliance with data protection regulations (e.g., GDPR, NIST, ISO 27001) where applicable.
· Develop and test incident response plans for cyber threats, system breaches, or data leaks.
3. Incident & Crisis Management
· Lead investigations into both physical and IT security incidents and breaches.
· Maintain logs and reports for internal audits and external stakeholders.
· Coordinate with law enforcement, telecom operators, and cybersecurity agencies as required.
4. Compliance & Training
· Ensure compliance with local and international security regulations.
· Train internal staff and field teams on security practices and cybersecurity awareness.
· Conduct regular drills, simulations, and refresher sessions for incident response.
5. Stakeholder Engagement
· Collaborate with telecom operators, contractors and vendors to align on security standards and protocols.
· Perform due diligence and risk assessments on third-party service providers, especially those with access to systems or infrastructure.
Key Requirements:
Education & Qualifications:
· Certifications such as CISSP, CISM, CEH, CPP, PSP, or ISO 27001/31000 are highly desirable.
Experience:
· Minimum of 5 years of experience in security management.
· Proven track record in managing both physical infrastructure and IT security.
· Experience in telecom, energy, infrastructure, or technology sectors is a plus.
Skills & Competencies:
· Strong understanding of both physical security systems and cybersecurity frameworks.
· Experience with remote monitoring systems, SCADA, or IoT-based energy management platforms.
· Strong analytical, problem-solving, and crisis management skills.
· Excellent written and verbal communication skills, with the ability to educate and influence cross-functional teams.
· Willingness to travel frequently to project sites, including remote or high-risk areas.
Desirable Attributes:
· Experience with infrastructure deployed in rural or off-grid environments.
· Working knowledge of battery energy storage systems (BESS) or hybrid power solutions.
· Ability to work independently and manage multiple priorities in a fast-paced environment.