M01 - IT Security Officer

Job Summary

We are seeking a team of IT Security Officers (ITSOs) to act as IT security subject matter experts, supporting system managers and the Boards Cybersecurity team. The team will ensure IT infrastructure security, policy compliance, and effective cyber operations across all hosting environments (on-premise, GDC, GCC, GCC+, etc.). Responsibilities will be distributed among team members to ensure full coverage and operational effectiveness.

Team Structure and Scope

The ITSO team will report directly to the Boards Cybersecurity team and cover key security domains including security monitoring, system security and compliance, risk assessment, technical support, and governance. Team members will specialise in defined areas while working collaboratively across all security functions.

Key Responsibilities

System Security and Compliance

• Conduct security reviews, system hardening checks, and risk assessments based on recognised benchmarks (e.g. CIS).
• Develop and maintain hardening baselines and SOPs, perform compliance reviews, and ensure timely remediation of findings.

Security Monitoring and Incident Response

• Monitor phishing, malware, vulnerability scans, and penetration test results in accordance with SOPs.
• Review CSPM findings (e.g. Cloudscape), manage suppression expiry, assess false positives, and follow up with system and infrastructure teams.
• Track remediation status and escalate issues where required.

Technical Support and Governance

• Provide vulnerability monitoring, mitigation recommendations, and security advice for new projects.
• Perform risk-based prioritisation, manage governance compliance tools, and respond to audit RFIs.

Reporting and Training

• Produce monthly security reports highlighting progress and outstanding risks.
• Coordinate and deliver monthly IT security awareness training and briefings.

Qualifications

• Bachelors degree in Computer Science, IT, Cybersecurity, or related field, with recognised certifications (e.g. CISSP, CISM, CRISC, CISA).
• Minimum 2 years of cloud cybersecurity experience, including GCC environments.
• Familiarity with Azure Log Analytics, AWS CloudWatch, AWS Security Hub, and Microsoft Defender for Cloud preferred.
• Strong analytical, problem-solving, and communication skills.

General Requirements

• Strong collaboration skills to ensure effective coordination across specialised security roles.