IT Security Officer (ITSO)

We are hiring a team of IT Security Officers (ITSOs) to act as security subject matter experts supporting System Managers and the Board’s Cybersecurity team. The team will oversee IT security operations, compliance, and risk management across on-premise and cloud environments (including GDC, GCC, GCC+). Each ITSO will focus on specialised security domains while working collaboratively to ensure end-to-end coverage.


Key Responsibilities

System Security & Compliance

• Conduct security reviews, system hardening checks, and risk assessments based on standards such as CIS Benchmarks
• Develop, review, and maintain security baselines, SOPs, and hardening documentation
• Perform compliance reviews, track findings, and ensure timely remediation

Security Monitoring & Incident Support

• Monitor and respond to security alerts (e.g. phishing, malware, endpoint alerts)
• Support vulnerability scans, penetration tests, and audit activities
• Coordinate malware scanning and incident handling following established SOPs

Cloud Security & Risk Management

• Work with Cloud Security Engineers on CSPM findings (e.g. Cloudscape, in-house tools)
• Review CSPM alerts, assess validity (including false positives), and follow up with System Managers and infrastructure teams
• Track remediation status, manage suppressions, and escalate unresolved risks
• Provide risk-based prioritisation and recommendations for security issues

Governance, Reporting & Advisory

• Provide security advice for new systems, projects, and enhancements
• Update governance and compliance tools with accurate risk and remediation data
• Respond to audit RFIs related to security monitoring
• Prepare monthly security reports highlighting progress and outstanding risks

Training & Awareness

• Coordinate and deliver monthly IT security awareness training and briefings

Qualifications & Experience

• Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field
• Minimum 2 years’ experience in cloud cybersecurity (cloud and on-prem environments), preferably in GCC
• At least one recognised security certification (e.g. CISSP, CISM, CRISC, CISA)
• Familiarity with security tools such as Azure Log Analytics, AWS CloudWatch, AWS Security Hub, Microsoft Defender for Cloud
• Strong analytical, communication, and stakeholder-management skills
• Strong collaboration skills and ability to work across multiple security domains and teams