Search by job, company or skills
Key Responsibilities:
Coordinate with external vendors and collaborate with customers and SaaS providers to conduct IT Security Risk Assessments. Identify security threats, assess risks, and propose mitigation strategies for approval by the customer.
Coordinate the handling of security incidents, ensuring a timely response and resolution. Maintain a robust incident response process and documentation.
Manage and coordinate regular security audits, vulnerability scans, and penetration tests. Consolidate findings, ensure proper remediation, and provide feedback to stakeholders on risk mitigation efforts.
Maintain and update all security-related documentation, including policies, procedures, standards, and best practices. Ensure compliance with security frameworks such as ISO/IEC 27001, ISO/IEC 27018, SOC 2 Type 2, and CSA-STAR (Level 2).
Continuously monitor the security posture of the SaaS solution and related ICT systems. Provide regular reports on security risks and mitigation actions to stakeholders and customers.
Oversee the remediation of security vulnerabilities identified during security assessments, ensuring that appropriate actions are taken to address risks in a timely manner.
Provide clear, concise security reports and recommendations to customers, ensuring they understand the security posture of the SaaS solution and any risks or issues that need attention.
Take on ad-hoc security tasks as required to address emerging risks or assist with specific security projects or initiatives.
Qualifications:
Minimum of 3 years of experience in IT security, particularly in enterprise systems, cloud infrastructure, or SaaS environments.
A current professional information security certification (such as CISSP, CISM, CRISC, CGEIT, GSE) or equivalent is highly desirable.
In-depth knowledge of IT security management and governance, risk assessment, incident response, vulnerability assessments, penetration testing, and security audits.
Familiarity with international security standards and frameworks such as ISO/IEC 27001, ISO/IEC 27018, CSA-STAR, SOC 2 Type 2, NIST, and CIS.
Strong interpersonal, written, and verbal communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
The position requires the candidate to be based locally.
Strong problem-solving skills and the ability to make decisions under pressure.
Proven ability to work effectively with cross-functional teams and external vendors.
Attention to detail and a commitment to maintaining the highest standards of security.
Date Posted: 20/11/2024
Job ID: 100952205