Job Details
Nationality Requirement: Malaysia
Job Description
Responsibilities
Lead and oversee day-to-day IT security incidents, administration, and health checks of current servers and network infrastructure security controls.
Monitor and respond to event logs and alert notifications on servers and networks to proactively identify and minimize disruption and impact to systems, networks, and endpoint devices.
Identify IT security risks, threats, and vulnerabilities in the company’s technology.
Analyse and report computer network, servers, and application security breaches or attempted breaches. Investigate cyber security incidents, perform vulnerability scans, patch management, and penetration test assessments.
Take appropriate action to minimize harm and recommend corrective actions.
Perform problem management, root cause analysis, and postmortem reviews following incidents.
Maintain incident documentation, participate in post-mortems, and establish incident reports.
Participate in IT security assessment reviews, analyse business risks, and create IT security requirements and controls to ensure compliance with guidelines.
Take ownership in evaluating and recommending IT security control enhancements and projects.
Configure, implement, monitor, and support IT security software, systems, technologies, and processes in compliance with regulatory, industry, corporate policies, procedures, and BNM Information Security standards.
Serve as the in-house subject matter expert to provide IT security advice and guidance.
Collaborate with team members in designing and implementing IT security control initiatives, risk mitigation, and remediation.
Recommend, implement, and manage security controls for systems, networks, and applications by designing system security architecture and developing detailed security designs.
Prepare and conduct security awareness briefings, training, and phishing simulations.
Facilitate and interact with internal and external audit engagements.
Support remediation based on agreed recommendations and associated risks pertaining to Global Information Security Group or other corporate requirements.
Track and follow up with relevant parties to ensure audit and compliance gaps are addressed within committed timelines.
Establish and maintain IT security policies, procedures, and guidelines.
Periodically review security guidelines and controls to ensure effectiveness and efficiency.
Recommend improvements where necessary and develop comprehensive reports including assessment findings, outcomes, and recommendations for system security enhancement.
Requirements
Bachelor’s degree in Computer Science, Information Security, Information Technology, or equivalent practical experience.
CISSP, CRISC, CEH, GIAC, GCIH, GWAPT will be an added advantage.
Minimum 8–12 years of specialization in IT Security Technologies, IT General Control, and IT Processes.
Minimum 8–12 years of hands-on technical experience in implementing, maintaining, and having knowledge of IT security solutions and systems, including:
Zero Trust, Network Security Monitoring, NAC, L2/L3 Firewalls, Routing, Switching, IDS/IPS, Proxy, WAF, VLAN, VPN Technology, Endpoint/Intrusion Detection & Response Solutions, SIEM Technologies, Content Filtering, Encryption Technology, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, DLP, O365 Security Components.
Minimum 8–12 years of experience in developing, implementing, or architecting information security solutions, vulnerability scans, patch management, and leading responses to audits, compliance, IT security incidents, and cyber security risk assessments.
Experience in cyber security threat and log monitoring, vulnerability and penetration assessments, source code review, and responding to MSS/SOC threat notifications.
Experience in preparing and conducting security awareness briefings and training. Establishing and maintaining information asset management, technical specifications, documentation, policies, and procedures.
Experience in leading and participating in project implementation.
Vendor sourcing, processing PO, and payment requests.
Excellent analytical and problem-solving skills.
Results-oriented, self-motivated and able to work under pressure.
Ability to work independently with minimal supervision.
Strong time management, prioritization, and organizational skills to handle multiple tasks under tight deadlines.
Willingness to provide after-office-hours support for urgent incident requests.