We are seeking an IT Risk Candidate who will play a critical role in improving and enhancing our organization's IT security posture. The role requires the candidate to ensure the effective implementation of security measures, conduct risk assessments, and develop security policies alongside our Managed Security Services Provider (“MSSP”). The successful candidate will initially serve as an individual contributor with the potential to lead a team in the future.
Key Responsibilities
- Risk Management
Conduct comprehensive IT risk assessments and develop risk mitigation strategies.
Identify and evaluate emerging security threats and vulnerabilities, providing recommendations for remediation.
Collaborate with various departments to assess and manage IT risks across the organization.
- Security Operations
Monitor and respond to security incidents promptly with the assistance of our MSSP.
Oversee the implementation and maintenance of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
Ensure compliance with security policies, standards, and regulations, including those mandated by the relevant financial regulators.
- Policy Development and Compliance
Develop, implement, and maintain IT security policies, procedures, and standards.
Conduct regular security audits and assessments to ensure compliance with internal and external requirements.
Provide guidance on regulatory requirements related to IT security (e.g., GDPR, PDPA).
- Incident Response
Lead incident response efforts, including investigation, containment, and remediation of security incidents.
Coordinate with internal and external stakeholders to ensure timely resolution of security incidents.
Develop and maintain incident response plans and playbooks.
- Cloud Security
Ensure robust cybersecurity measures for the organization’s adopted cloud technologies.
Develop and implement security controls and best practices for cloud environments.
Conduct regular assessments and audits of cloud security posture.
- Awareness and Training
Promote security awareness across the organization through training and communication initiatives.
Stay current with industry trends and best practices in IT security and risk management.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- 3+ years of experience in IT security and risk management.
- Excellent communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams.
- Good understanding of cybersecurity for cloud technology.
Nice-to-Haves
- Experience working with MSSP vendors.
- Relevant certifications (e.g., CISSP, CISM) are highly desirable.
- Experience and familiarity with cloud security and risk management (e.g., AWS, Azure).
- Strong analytical and problem-solving skills.
- Familiarity with regulatory guidelines.
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS).
- Experience with security technologies such as SIEM, IDS/IPS, firewalls, and endpoint protection.