Security Operations & Control Implementation

Design, implement, and enhance security controls across endpoint, identity, and collaboration platforms.

Establish and maintain endpoint security baselines and hardening standards for Windows and macOS environments.

Administer and monitor endpoint security tools (e.g., EDR solutions such as CrowdStrike or equivalent).

Monitor security alerts and coordinate incident response activities, including documentation and follow-up remediation.

Oversee patch compliance, vulnerability remediation tracking, and security configuration reviews (focus on governance and validation rather than routine deployment tasks).



Identity & Access Management

Administer user accounts and access rights across Active Directory and Microsoft 365 environments.

Conduct periodic access reviews and enforce least privilege principles.

Support onboarding and offboarding processes with proper access control validation.

Assist in strengthening identity controls, including MFA enforcement and conditional access policies.



IT Audit Support

Support internal and external IT audits, including ISMS and SOC 2 initiatives, through:

Evidence preparation and documentation

Control testing and validation

Access review execution

Remediation tracking and follow-up

Contribute to the maintenance and continuous improvement of IT policies, SOPs, and security documentation.

Assist in risk assessments, control gap analysis, and corrective action planning.

Maintain audit readiness through structured documentation and control monitoring.



IT Governance & Risk Management

Support the development and enhancement of IT security governance frameworks and operational controls.

Maintain and track risk registers and remediation action items.

Monitor compliance with internal security policies and regulatory requirements.

Promote cybersecurity awareness and good security practices across the organization.



Project & Initiative Coordination

Support coordination of security and compliance initiatives, including ISMS improvements and SOC 2 readiness programs.

Track project milestones, document action items, and follow up with stakeholders on remediation deliverables.

Participate in cross-functional IT and security projects to ensure alignment with governance and risk requirements.

Assist in preparing reports and updates for management and audit purposes.



Requirements

Minimally 3-5 years of relevant experience in cybersecurity, IT security operations, or IT infrastructure with security exposure

Practical experience supporting IT audits, internal controls, ISMS or SOC2 initiatives

Hands-on experience with:

Active Directory with M365 administration

Endpoint security/EDR platforms

Access control management and review processes

Experience supporting regional and/or global IT operations environments, including working across multiple geographies and stakeholders

Exposure to coordinating security or compliance initiatives is advantageous

Solid understanding of information security principles (CIA triad, least privilege, defence-in-depth)

Working knowledge of ISMS controls and SOC2 control domains

Familiarity with vulnerability management and patch compliance governance

Good understanding of endpoint hardening and identity security controls

Experience with ticketing systems, documentation platforms and audit evidence management

Ability to translate audit and compliance requirements into actionable security controls.



Good-to-Have Certifications

ISO 27001 Foundation or Lead Implementer

CompTIA Security+ or equivalent

Microsoft 365 Security Administrator (or equivalent)

CISA (good to have, but not mandatory)