Job Description

Responsibilities

1.

Cybersecurity Management


Track, manage, and escalate cybersecurity incidents and critical threat events as required. Disseminate security advisories, threat intelligence, directives, and patch recommendations promptly. Conduct information security awareness training to foster a security-conscious culture. Lead or assist in tabletop exercises and risk management activities to improve incident response readiness.

2.

Security Product Management


Perform vulnerability scanning and security assessments on applications (client/server, mobile) using standard tools such as Tenable and Nessus. Analyze scan results, recommend remediation actions, and track resolution. Utilize Splunk or similar tools for security event monitoring, log collection, and incident analysis. Conduct onboarding and vulnerability scans for devices before connecting to the corporate network.

3.

Compliance and Reviews


Conduct periodic security audits to ensure adherence to ICT and cybersecurity incident response plans. Perform security assessments of ICT systems, including log analysis and reporting. Recommend and support security improvements based on audits and emerging threats.

4.

Network and Security Integration


Manage, configure, and optimize security tools for effective integration with IT infrastructure. Implement, update, and maintain security policies, technical baselines, and SOPs. Monitor compliance with secure configuration standards across systems and devices.

5.

Documentation and Reporting


Maintain documentation of security incidents, vulnerability assessments, checklists, controls, and policies. Prepare regular reports on security metrics, incident trends, compliance, and risk mitigation. Ensure timely escalation of major incidents to management and stakeholders.

6.

Collaboration and Advisory


Work closely with IT teams and vendors to implement and maintain security solutions. Provide security guidance for projects, system implementations, and procurement to embed security-by-design principles. Align security practices with organizational cybersecurity strategies and compliance requirements.

7.

Core Expertise Areas


Information Security Governance: Policies, standards, procedures, regulatory compliance, risk assessments. Security Architecture: Zero-trust models, micro-segmentation, secure cloud architectures. Identity & Access Management (IAM): IAM solutions, MFA, SSO, privileged access management. Threat Detection & Response: SIEM management, EDR solutions, incident response planning. Vulnerability Management: Vulnerability assessments, penetration testing, patch management, remediation strategies. Data Protection: DLP strategies, encryption technologies, data classification and handling. Compliance & Auditing: Internal and external audits, documentation for regulatory compliance. Third-Party Risk Management: Vendor security assessments, enforcing security requirements in contracts. Operational Technology Security: Industrial control system security principles. Contract, Change, and Incident Management: Oversight of service requests, incidents, and problem resolution.

Requirements

Bachelor's degree in Computer Science, IT, Cybersecurity, or related discipline. Professional certifications such as CISSP, CISM, GIAC, or equivalent are advantageous. Minimum 10 years in managing enterprise-level information security programs. Hands-on experience with security tools such as Tenable, Nessus, and Splunk. Strong knowledge of vulnerability management, threat analysis, incident response, secure network design, endpoint security, and system hardening. Familiarity with ICT security compliance frameworks, cybersecurity standards, and risk management practices. Strong analytical and problem-solving skills with attention to detail. Effective written and verbal communication; able to articulate security risks and recommendations. Ability to work independently and collaboratively in a fast-paced environment. * Proactive mindset with continuous improvement attitude toward cybersecurity operations.