Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

Job Responsibilities

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users' awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed .

Job Specifications

Minimum Education / Qualifications

• Degree in Information systems or equivalent

Minimum Years of Relevant Experience

• 2 or more years' experiences in setting up and managing information security operations.

Knowledge/Skills

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

Attributes (functional or leadership competencies)

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive