Information Technology Security Officer

1. Governance, Risk & Compliance (GRC)

• Ensure compliance with IM8, WOG Cybersecurity Policies, and other government security standards.
• Lead security risk assessments, gap analyses, and mitigation planning for systems and projects.
• Develop and maintain security documentation including SRM reports, policies, procedures, and system security plans.
• Support accreditation and certification processes such as STS, SCD, and annual security reviews.

2. Security Operations & Monitoring

• Oversee security events, incident alerts, and vulnerabilities across systems.
• Coordinate with Government Security Operations Centres (SOC) or vendor SOC for incident triage and escalation.
• Track remediation of findings from audits, penetration tests, and vulnerability scans.
• Ensure timely reporting of incidents to relevant government cybersecurity authorities.

3. Project Security Assurance

• Participate in system design reviews to ensure security-by-design principles.
• Review solution architectures, technical designs, and change requests for compliance with WOG policies.
• Conduct security assessments for new applications, cloud services, or infrastructure changes.
• Validate and approve deployment of security controls (e.g., MFA, encryption, endpoint protection, logging).

4. Policy Enforcement & Advisory

• Act as the primary security SME for systems under management.
• Provide guidance to project managers, developers, and infrastructure teams on government security requirements.
• Review third‑party vendor deliverables for compliance and security posture.
• Ensure data classification, handling, and protection guidelines are adhered to.

5. Security Awareness & Continuous Improvement

• Conduct or coordinate security awareness training for internal teams and vendors.
• Track cybersecurity trends and changes in government security regulations.
• Recommend improvements to security processes, monitoring tools, and compliance workflows.
• Drive adoption of GovTech cybersecurity initiatives (e.g., CSP, CCoP updates, logging guidelines).