Job Description

This role specialises in protecting the organisation’s systems, networks, and information assets by implementing, monitoring, and continuously improving IT security controls. The position plays a key role in incident response, security architecture design, regulatory compliance, and risk mitigation while acting as the in-house subject matter expert for cybersecurity matters.

Key Responsibilities

Security Operations & Incident Management

• Lead daily IT security operations including monitoring servers, networks, endpoints, and event logs.
• Detect, analyse, and respond to security incidents and cyber threats.
• Perform vulnerability scanning, patch management, penetration test assessments, root cause analysis, and post-incident reviews.

Security Architecture & Risk Management

• Design and implement system, network, and application security controls.
• Identify risks, threats, and vulnerabilities and recommend mitigation strategies.
• Support security enhancement projects and continuous improvement initiatives.

Compliance, Audit & Policy Management

• Ensure compliance with internal security policies, regulatory requirements, and industry standards (including BNM guidelines).
• Facilitate internal and external IT security audits and drive remediation activities.
• Develop and maintain IT security policies, procedures, standards, and technical documentation.

Advisory, Training & Stakeholder Support

• Act as in-house IT security subject matter expert for internal teams and projects.
• Conduct security awareness training, briefings, and phishing simulations.
• Support vendor evaluation, project implementation, and security-related procurement processes.

Job Requirements

• Bachelor’s Degree in Computer Science, Information Security, Information Technology or equivalent.
• Minimum 8–12 years of experience specialising in IT security technologies and controls.
• Strong hands-on experience with firewalls (L2/L3), IDS/IPS, SIEM, DLP, endpoint security, Zero Trust, VPN, NAC, WAF, proxy, network security monitoring, encryption technologies, and O365 security components.
• Experience in vulnerability management, patching, penetration testing, incident response, SOC/MSS threat handling, and security assessments.
• Experience in audit support, compliance management, security documentation, and policy development.
• Exposure to project implementation and vendor management is an advantage.
• Professional certifications (CISSP, CRISC, CEH, GIAC, GCIH, GWAPT) are a plus.
• Strong analytical, communication, and problem-solving skills.
• Able to support urgent security incidents after office hours when required.

Skills