Overview
The ICT Security Operations Officer is responsible for the implementation, operation, and maintenance of cybersecurity controls and security systems across the organization, acting as part of the first line of defence.
Key Responsibilities
- Lead delivery of technical enterprise services across the infrastructure security, application security, network security, security incident monitoring and response, and threat and vulnerability management domains.
- Assure management and optimal configuration of the technical tools portfolio, covering SIEM, EDR, vulnerability analysis and mitigation, systems hardening tools, IPS and WAF, as well as related capabilities.
- Oversee secure implementation of the enterprise capabilities operating in a hybrid multi-cloud infrastructure environment.
- Operate AI security monitoring and enforcement controls for enterprise AI workloads and platforms.
- Operate enterprise data protection controls, including data classification, sensitivity labeling, DLP enforcement, and encryption mechanisms.
- Perform continuous security monitoring, incident detection, triage, and response activities.
- Execute vulnerability management processes, including scanning, tracking, validation, and remediation.
- Develop security baselines for platforms, services and capabilities.
- Monitor secure and correct operation of Enterprise Backup systems, and lead restore and disaster recovery drills.
- Provide regular updates to the Risk Management and Compliance Unit on action plans against relevant cybersecurity incidents or trends.
- Keep the COR/DIT Risk Mitigation Plan up to date.
- Develop and lead the implementation of strategic, long-term improvements for security management services and capabilities.
- Backstop and monitor the delivery of 3rd-party services, in particular managed security service providers (MSSP) services.
- Deliver operational functions supporting relevant policies and guidelines.
- Analyze security events, vulnerabilities and trends, and provide operational recommendations.
- Contribute to an enabling and secure ICT environment.
- Collaborate with ICT teams, oversight and compliance functions and relevant stakeholders.
- Perform other related duties and assignments as required.
Required Experience
- A minimum of professional experience associated with the educational level is required, as follows: First‑level university degree (Bachelor’s): at least 8 years of relevant professional experience; Advanced university degree (Master’s): at least 5 years of relevant professional experience; Doctorate: at least 3 years of relevant professional experience.
- Professional experience as a systems and/or security engineer in an enterprise ICT environment, of which three (3) years of hands-on configuration, administration and troubleshooting in cybersecurity and ICT infrastructure contexts, is required.
- Hands-on experience with cloud security operations, including cloud security posture management (CSPM), identity and access monitoring, and remediation of misconfigurations in enterprise or hybrid environments, is required.
- Experience with standard operational procedure development, implementation, and compliance is required.
- Hands-on experience with security protection systems, tools and techniques (e.g. firewalls, proxies) is required.
- Hands-on experience in security monitoring, threat detection, incident response operations, and vulnerability management is required.
- Experience with security operations technologies, including Security Information and Event Management (SIEM), Security Operations Center (SOC) platforms, endpoint detection and response (EDR), intrusion prevention systems (IPS), web application firewalls (WAF), and email security systems, is required.
- Hands-on experience with application security operations, including vulnerability scanning and use of SAST/DAST tools, is required.
- Experience in operational monitoring of enterprise AI systems, detecting anomalous or malicious interactions, and enforcing secure AI usage policies is desirable.
- Experience in contracting and overseeing service delivery of Managed Security Service Providers (MSSP) is desirable.
- Experience in information security forensics (concepts and tools) is desirable.
- Experience with ISO 27001 with relevant certifications is desirable.
- Accredited Certification in Project Management, such as PMP or Prince2, is desirable.
- Accredited Certification in ITSM, such as ITIL (v4 or v5), is desirable.
- Certification in security operations or incident response, such as GIAC GCIH (Incident Handler), GCIA (Intrusion Analyst), GMON (Continuous Monitoring), GSOC (Security Operations), Microsoft SC‑200 (Security Operations Analyst), or equivalent, is desirable.
- Cloud security certification, such as Microsoft AZ‑500 (Azure Security Engineer), AWS Certified Security – Specialty, Google Professional Cloud Security Engineer, CCSP (Certified Cloud Security Professional), or equivalent, is desirable.
- Certification in Digital forensics and incident response (e.g. GIAC GCFA) is desirable.
- Certification in Application and software security (e.g. CASE, OSWE) is desirable.
Qualifications
- A first‑level university degree (Bachelor’s or equivalent) in Information Security, Computer Science, IT Management, Engineering, or in a related field with a specialization related to cybersecurity / information security / ICT security is required.
- An advanced university degree (Master’s or equivalent) or a Doctorate in the same fields is accepted with a reduced requirement for years of professional experience.