IT Security Lead

Job description POSITION SUMMARY The ICT Security Lead is responsible for safeguarding the organization’s information systems, data, and digital infrastructure against cyber threats. This role leads the development, implementation, and continuous improvement of cybersecurity strategies, policies, and controls to ensure confidentiality, integrity, and availability of IT assets in alignment with business goals and regulatory requirements. DUTIES AND RESPONSIBILITIES Security Strategy & Governance Develop, maintain, and enforce the organization’s cybersecurity policies, standards, and procedures. Align security initiatives with business objectives and regulatory requirements (e.g., Data Privacy Act, ISO 27001, NIST). Conduct regular risk assessments and security audits to identify vulnerabilities and recommend remediation plans. Threat & Incident Management Monitor networks, systems, and endpoints for suspicious activity using SIEM and other security tools. Lead incident response efforts in the event of a security breach or cyberattack, including investigation, containment, and recovery. Maintain and test the Incident Response Plan (IRP) through tabletop exercises and simulations. Infrastructure & Access Security Oversee the secure configuration of firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and identity & access management (IAM). Enforce the principle of least privilege and manage user access controls across systems and applications. Ensure secure deployment of cloud services, on-premises infrastructure, and remote access solutions. Compliance & Awareness Ensure compliance with national and international data protection and cybersecurity regulations. Coordinate with the Data Protection Officer (DPO) on privacy-related security measures. Deliver regular security awareness training and phishing simulations for employees. Vendor & Third-Party Risk Assess the security posture of third‑party vendors and service providers. Review and validate security clauses in IT contracts and service‑level agreements (SLAs). Continuous Improvement Stay updated on emerging threats, attack vectors, and security technologies. Recommend and implement security enhancements based on industry best practices and threat intelligence. COMPETENCIES Technical Expertise: In-depth knowledge of network security, endpoint protection, encryption, IAM, cloud security (AWS/Azure), and security monitoring tools. Risk Management: Strong ability to identify, assess, and mitigate IT and cyber risks. Problem‑Solving: Analytical mindset with the ability to respond effectively under pressure during security incidents. Communication: Clear and effective in conveying technical security concepts to both technical and non‑technical stakeholders. Leadership: Ability to guide and influence cross‑functional teams toward a security‑conscious culture. Compliance Orientation: Thorough understanding of local and international data protection and cybersecurity regulations. Attention to Detail: Meticulous in policy enforcement, configuration management, and audit preparation. EDUCATION Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or a related field. Master’s degree or relevant professional certifications (e.g., CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Auditor/Implementer) are highly preferred. EXPERIENCE Minimum of 5 years of progressive experience in IT security, with at least 2–3 years in a leadership or senior specialist role. Proven track record in managing enterprise‑wide cybersecurity programs, incident response, and security operations. Job Type: Full‑time Benefits Paid training Pay raise #J-18808-Ljbffr