IT Consultant / Senior IT Consultant (Infra/Cybersecurity)

We are seeking a proactive and detail-oriented Cybersecurity Specialist to join our IT team. This full-time Cybersecurity Specialist will be instrumental in protecting the organization’s digital infrastructure by identifying, analyzing, and mitigating potential security threats. The ideal candidate will have a deep understanding of cybersecurity principles, tools, and technologies, as well as a passion for continuously improving security practices and educating others on best practices.

Responsibilities:

ICT Security Policy Development

1. IT Policy and Standards reviews and updates.
2. Collaborate with the IT team to establish and update security policies, standards, and procedures across the organization.

ICT Security Governance and Compliance

1. Manage IT audits and ensure compliance to security mandates.
2. Develop and maintain Hardening Standards for ICT systems.
3. Track and ensure closures of security risk assessments, non-compliances and waiver requests.
4. Review and improve organization’s security posture.
5. Establish security posture baselines.

Information and Cybersecurity Management

1. Monitor and report status on security testing (e.g. patch, VA etc).
2. Conduct Security reviews such as System Configuration Review, Vulnerability Assessments (VA), Penetration Test (PT).
3. Ensure vendor’s implementation of security measures such as security audit logs.
4. Provide security advice to help strengthen ICT control measures and safeguards.

ICT Security Operations

1. Manage organization’s security incidents.
2. Monitor and investigate reported system security events in O365 Security and Crowdstrike.
3. Ensure timely deployment of security patches and updates.
4. Coordinate review activities (log review, firewall rules review), investigate suspicious activities and report to IT Management team.
5. Implement ICT security initiatives and security requirements.
6. Educate employees on security awareness and best practices to foster a security-conscious culture.

Documentation and Reporting

1. Maintain detailed documentation of security incidents, produce regular security status reports, and communicate findings to management.

Qualification:

Education and working experience:

1. Tertiary Education in Cybersecurity, Computer Science or equivalent (e.g. Information Systems).
2. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, CEH) are highly preferred.
3. Preferably 5 years of experience in the IT Cybersecurity domain.
4. Experience in incident response, and knowing threat intelligence is a plus.

Technical skill:

1. Possess knowledge and experience in Office 365.
2. Proficiency in cybersecurity tools such as firewalls and endpoint detection and response solutions.
3. Strong knowledge of system and network security protocols, encryption methods, and authentication techniques.
4. Knowledge of security processes, privacy, risk and compliance concepts, practices, and procedures.

Soft skill:

1. Excellent communication abilities, and a keen eye for detail.
2. Balanced, clear judgment and flexible thinking. Strong critical thinking at both abstract and concrete levels and good knowledge of business processes.
3. Organizational skills to multitask, estimate resource needs and dependencies, and deliver on time.
4. A team player with strong organization and people handling skills.

Desired Attributes:

1. Ability to work independently as well as part of a team.
2. A proactive approach to identifying and mitigating risks.
3. Willingness to stay updated on the latest cybersecurity trends and threats.