IT Security Officer

Key Responsibilities

Develop cybersecurity Standards and Policies:

• Develop and maintain cybersecurity standards, procedures, and rulesets based on best practices and IM8 compliance

• Perform risk assessments on system deviations and new project functionalities

Compliance & Hardening:

• Conduct system hardening checks using CIS Benchmarks and IM8 standards

• Perform security reviews to ensure remediation of audit findings

• Run table-top or simulation exercises

Audit Coordination & Management:

• Act as primary interface for internal and external auditors

• Coordinate Request for Information (RFI) processes

• Ensure evidence collection and prompt provision to auditors

Security Monitoring Support:

• Monitor and respond to security alerts and incidents (phishing, malware, endpoint alerts)

• Coordinate with system operators to identify potential threats

• Perform basic triaging before escalation to next level security responder

• Provide updates to stakeholders

Vulnerability and Penetration Test Management:

• Perform vulnerability assessment and penetration test activities using automated and manual tools

• Provide actionable remediation recommendations

• Understand published vulnerabilities and their security patches in context of deployed systems

• Perform risk assessments on vulnerabilities

On-Premise and Cloud Security Governance:

• Monitor and notify security patch releases for various environments (End-User computing, On-Premise Office Networking, GCC, GCC+)

• Assess security patch ratings using CVSS standards

• Consider deployed environment context when rating patches

Stakeholder Engagement:

• Present vulnerability scanning results, security testing results, and security incidents to management

• Conduct security awareness training for users

• Act as bridge between technical teams and management

What We Are Looking For

Experience & Qualifications:

• Bachelor's degree in Computer Science, IT, Cybersecurity, or related field

• Minimum 3 years relevant experience

• Experience in network security, secure application development, cryptography, mobile security, cloud hosting, or DevSecOps

• Experience working with teams to create security policies and procedures

• Security certifications (SANS GCIH, CISSP, CISM, CISA, AWS/Azure security) preferred

Technical Skills:

• Proficient with tools like Tenable, Nessus, and Splunk

• Familiar with cloud security platforms (AWS Security Hub, Microsoft Defender/Sentinel for Cloud)

• Understand cybersecurity investigation processes and vulnerability assessment/penetration testing (VAPT)

Personal Qualities:

• Good stakeholder management skills

• Strong presentation skills

• Write clearly and concisely

Good to Have:

• Government sector experience

• Healthcare industry knowledge

• Digital transformation background