Senior IT Security Specialist

Purpose

• As a Senior IT Security Specialist, you develop and implement advanced security strategies to protect the organization's information systems. Conduct risk assessments, manage security incidents, and ensure compliance with security standards. Collaborate with stakeholders to enhance overall IT security posture.

Responsibilities

• Develop and Implement Security Strategies: Lead the development and implementation of IT security strategies and policies to protect the organization's information systems and data assets.
• Conduct Security Assessments: Perform regular security assessments, vulnerability testing, and risk analysis to identify potential threats and weaknesses in the IT infrastructure.
• Incident Response Management: Develop and manage incident response plans and procedures, ensuring timely and effective resolution of security incidents and breaches.
• Compliance and Regulatory Adherence: Ensure compliance with relevant security standards, laws, and regulations such as GDPR, HIPAA, and ISO 27001. Regularly review and update security policies to reflect changes in regulatory requirements.
• Security Awareness Training: Design and conduct security awareness training programs for employees to promote best practices and enhance the organization's overall security posture.
• Collaboration with IT and Business Units: Work closely with IT teams, business units, and senior management to integrate security measures into all aspects of IT operations and business processes.
• Security Architecture Design: Oversee the design and implementation of secure network architectures, including firewalls, intrusion detection systems, and other security technologies.
• Third-Party Risk Management: Evaluate and manage the security risks associated with third-party vendors and partners, ensuring they comply with the organization's security policies and standards.
• Monitor and Analyze Security Alerts: Continuously monitor security alerts and logs, analyze potential security events, and take appropriate actions to mitigate threats.
• Security Reporting: Prepare detailed security reports and dashboards for senior management, highlighting key security metrics, incidents, and risk mitigation activities.
• Project Leadership: Lead and participate in security-related projects, ensuring they are delivered on time, within scope, and in alignment with business objectives.
• Mentorship and Development: Mentor and guide junior security team members, providing technical expertise and fostering a culture of continuous improvement and learning.

Education

• Bachelor's Degree: A bachelor's degree in computer science, information technology, cybersecurity, or a related field is required.
• Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CEH (Certified Ethical Hacker) are preferred.
• Master's Degree: A master’s degree in cybersecurity, information technology, or a related field is preferred but not mandatory.
• Language Proficiency: Proficiency in English is essential for effective communication with team members, stakeholders, and external vendors.

Experience

• Minimum Experience: At least 7 years of experience in IT security, information security management, or a related field, with at least 3 years in a leadership or managerial role.
• Technical Skills: Proven experience in managing and overseeing IT security operations, including network security, incident response, vulnerability management, and security operations center (SOC) activities.
• Knowledge Areas:
• Strong understanding of security frameworks and standards such as ISO 27001, NIST, and GDPR.
• Experience with security technologies including firewalls, intrusion detection/prevention systems, antivirus software, and encryption tools.
• Project Management: Experience in defining and implementing IT security policies and procedures, managing security projects, and ensuring compliance with industry standards and regulatory requirements.
• Incident Management: Demonstrated ability to manage security incidents, conduct forensic investigations, and implement corrective actions to prevent recurrence.
• Team Leadership: Strong leadership and team-building skills, with the ability to mentor and develop junior security professionals.
• Communication Skills: Excellent communication and interpersonal skills, with the ability to liaise effectively with stakeholders at all levels of the organization.
• Certifications: Certifications such as CISSP, CISM, or CEH are preferred.
• Continuous Improvement: Commitment to continuous learning and professional development in the field of cybersecurity.

Functional Competencies