Job Responsibilities

We are seeking a proactive and experienced Senior IT Consultant (Cybersecurity) to strengthen the organization’s cybersecurity posture and safeguard its digital assets. This role is responsible for providing strategic and technical cybersecurity expertise, including security governance, risk management, threat monitoring, and incident response.

Key Responsibilities:

ICT Security Policy Development

• Develop, review, and maintain IT security policies, standards, guidelines, and procedures aligned with industry frameworks such as CIS benchmarks.
• Collaborate with IT, risk, and compliance teams to ensure security policies are implemented consistently across systems and platforms.
• Establish and maintain system hardening standards for servers, endpoints, cloud services, and network infrastructure.
• Ensure security policies remain updated with emerging threats, regulatory changes, and technological developments.

ICT Security Governance and Compliance

• Support cybersecurity governance activities and ensure alignment with organizational security frameworks and regulatory requirements.
• Manage and coordinate IT security audits, risk assessments, and compliance reviews.
• Track remediation of identified vulnerabilities, audit findings, and security exceptions.
• Monitor compliance with cybersecurity standards and regulatory requirements.
• Develop and maintain security posture baselines and key security metrics.
• Participate in enterprise risk management activities related to cybersecurity.

Information and Cybersecurity Risk Management

• Conduct security assessments, vulnerability assessments (VA), and penetration testing (PT) in collaboration with internal teams and external vendors.
• Perform system configuration and architecture security reviews.
• Assess risks associated with cloud services, applications, and infrastructure.
• Review vendor security practices and ensure compliance with organizational security requirements.
• Provide cybersecurity advisory services to strengthen IT controls, system architecture, and security safeguards.

ICT Security Operations

• Monitor and respond to security incidents and threats across enterprise environments.
• Investigate suspicious activities through security monitoring platforms such as Microsoft 365 Security, SIEM platforms, and Endpoint Detection & Response (EDR) tools.
• Coordinate incident response activities, including containment, investigation, and remediation.
• Ensure timely deployment of security patches, updates, and vulnerability remediation.
• Perform regular reviews of security logs, firewall rules, and access controls.
• Implement and support security initiatives, threat detection capabilities, and security automation improvements.

Security Awareness and Advisory

• Promote cybersecurity awareness across the organization by conducting security training, workshops, and awareness programs.
• Provide guidance to project teams on secure system design, secure coding practices, and risk mitigation strategies.
• Support integration of security-by-design and privacy-by-design principles in IT initiatives.

Documentation and Reporting

• Maintain comprehensive documentation of security incidents, risk assessments, and remediation activities.
• Prepare and present cybersecurity reports, dashboards, and risk summaries to IT management and stakeholders.
• Track security performance metrics and continuously recommend improvements. 

Job Requirements

Education and Experience

• Tertiary Education in Cybersecurity, Computer Science, Information Security, Information Systems, or related discipline.
• Minimum 5–8 years of experience in cybersecurity, IT security, or information security consulting.
• Hands-on experience in security operations, vulnerability management, incident response, or security governance.

Professional Certifications (Preferred)

One or more of the following certifications is highly desirable:

• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• CompTIA Security+
• CEH – Certified Ethical Hacker
• CCSP – Certified Cloud Security Professional
• GIAC security certifications

Technical Skills

• Strong knowledge of enterprise cybersecurity architecture and security controls.
• Experience with Microsoft 365 Security, Azure Security, and cloud security practices.
• Hands-on experience with Endpoint Detection & Response (EDR) platforms such as CrowdStrike or Microsoft Defender.
• Familiarity with SIEM platforms (e.g., Microsoft Sentinel, Splunk).
• Knowledge of network security technologies, including firewalls, IDS/IPS, VPN, and secure gateways.
• Strong understanding of identity and access management (IAM), multi-factor authentication (MFA), and privileged access management (PAM).
• Knowledge of system hardening standards and security baselines.
• Understanding of security frameworks and standards, including:
• ISO/IEC 27001, NIST Cybersecurity Framework, CIS Critical Security Controls
• Familiarity with cloud security concepts, container security, and modern DevSecOps practices is an advantage.

Soft Skills

• Strong analytical and critical thinking skills with the ability to assess complex security risks.
• Excellent communication and presentation skills to convey technical security issues to non-technical stakeholders.
• Strong organizational and project management skills with the ability to manage multiple security initiatives.
• Ability to work effectively both independently and collaboratively within cross-functional teams.
• Strong problem-solving and investigative skills for security incidents and threat analysis.
• High attention to detail and strong documentation skills.

Desired Attributes

• Proactive mindset with a strong focus on continuous security improvement.
• Passion for staying updated with emerging cyber threats, attack techniques, and defensive technologies.
• Ability to balance security requirements with business needs.
• Ability to collaborate effectively with team members, vendors, and stakeholders to support and achieve cybersecurity objectives.
• Strong capability to coordinate with managed service providers, vendors, and external security consultants to ensure effective delivery of security services.
• Strong sense of integrity, accountability, and confidentiality.
• Self-motivated with the ability to adapt in a fast-evolving cybersecurity landscape.