We are seeking an experienced IT Security Specialist to lead and implement robust security measures that protect our systems, networks, and information assets. This role ensures compliance with our Information Security Policy, industry standards, and regulatory requirements.

Responsibilities:

Security Operations: Lead and oversee day-to-day IT security administration, incident response, and health checks for servers and network infrastructure.

Monitoring & Analysis: Monitor event logs and alerts to proactively identify risks, minimize disruptions, and respond to security incidents.

Risk Management: Identify threats, vulnerabilities, and risks across technology platforms; perform vulnerability scans, patch management, and penetration testing.

Incident Handling: Investigate breaches, conduct root cause analysis, maintain documentation, and prepare postmortem reports.

Compliance & Audit: Facilitate internal/external audits, track remediation efforts, and ensure adherence to regulatory and corporate security standards (including BNM guidelines).

Security Architecture: Design and implement security controls for systems, networks, and applications; recommend enhancements and corrective actions.

Security Assessment: Conduct comprehensive security assessments, source code reviews, and analyze penetration test results to identify and remediate vulnerabilities.

Policy Management: Develop, review, and maintain IT security policies, procedures, and guidelines; recommend improvements for efficiency and effectiveness.

Requirements:

Bachelor’s degree in Computer Science, Information Security, IT, or equivalent practical experience.

Professional certifications such as CISSP, CRISC, CEH, GIAC, GCIH, GWAPT are an added advantage.

8–12 years of specialization in IT Security Technologies, IT General Control, and IT Processes.

Hands-on experience with security solutions including ZeroTrust, Network Security Monitoring, NAC, Firewalls (L2/L3), IDS/IPS, Proxy, WAF, VLAN, VPN, Endpoint Detection & Response, SIEM, Content Filtering, Encryption, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, DLP, O365 security components.

Proven experience in vulnerability management, penetration testing, source code review, and responding to MSS/SOC threat notifications.

Ability to lead and participate in project implementations, vendor sourcing, and procurement processes.

Ability to work independently, manage multiple tasks under tight deadlines, and provide urgent after-hours support when required.