Develop and maintain IT security policies and action plans, reviewing them at least annually or as required by the Customer.
Evaluate and recommend IT security products and solutions for implementation within the Customer's IT infrastructure.
Implement and manage risk assessment methodologies, ensuring compliance with relevant service management requirements and industry standards.
Develop and implement security management frameworks and governance structures as specified by the Customer.
Establish and manage IT Security Incident Management processes, including detection, response, and handling of security incidents according to Customer guidelines.
Collaborate with external partners and suppliers to resolve IT security incidents effectively.
Participate in and contribute to industry-wide IT security incident response simulations and technical assessment exercises.
Conduct forensic investigations when required, including secure disk image acquisition and analysis within specified timeframes.
Monitor, analyse, and report on emerging security threats, vulnerabilities, and solutions relevant to the Customer's IT infrastructure.
Conduct regular meetings with key stakeholders to highlight security issues and propose improvements to the Customer's IT infrastructure.
Liaise and coordinate with external suppliers, security organisations, and the Government on IT security matters related to the Customer's infrastructure.
Perform additional activities as necessary to secure the Customer's IT infrastructure.
Review and follow up on security reports generated from central security tools, providing timely updates to the Customer.
Manage the inventory of IT assets to be monitored by central security tools, ensuring compliance and proper onboarding of servers, networks, and databases.
Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
Proven experience in IT security, with a focus on infrastructure security
Strong understanding of information security principles, best practices, and relevant regulations
Experience with a range of security tools and technologies
Familiarity with forensic investigation techniques and tools
Excellent analytical and problem-solving skills
Strong written and verbal communication skills
Ability to work effectively both independently and in a team environment
Experience in liaising with external partners and suppliers on security matters
Desired Certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
GIAC Certified Incident Handler (GCIH)