Senior IT Security Specialist

Key Responsibilities:

• Security Strategy: Develop, implement, and maintain comprehensive IT security strategies and policies that align with the organization’s goals and regulatory requirements.
• Risk Management: Identify, assess, and prioritize potential security risks. Develop risk mitigation strategies and oversee their implementation.
• Incident Response: Lead the incident response team in the event of a security breach or cyberattack. Conduct post-incident analysis and implement measures to prevent future incidents.
• Threat Intelligence: Stay informed about the latest cybersecurity threats and trends. Implement proactive measures to protect against potential threats.
• Security Audits and Compliance: Conduct regular security audits and assessments to ensure compliance with internal policies and external regulations (e.g., GDPR, HIPAA). Prepare reports and recommendations for management.
• Vulnerability Management: Oversee the identification, analysis, and remediation of vulnerabilities in the organization’s IT infrastructure, including regular patch management and system updates.
• Security Tools and Technologies: Evaluate, implement, and manage security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and encryption technologies.
• Training and Awareness: Develop and deliver security training programs to employees, promoting a culture of security awareness throughout the organization.
• Collaboration: Work closely with IT, DevOps, and other departments to ensure security is integrated into all aspects of the organization’s operations.
• Reporting: Prepare and present security reports to senior management, highlighting current security status, risks, and recommendations for improvements.
• Continuous Improvement: Stay updated with the latest industry standards, regulations, and best practices. Continuously evaluate and improve the organization's security posture.

Required Qualifications:

• Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Experience: 7+ years of experience in IT security, with at least 3 years in a senior or lead role.
• Technical Skills:
  • In-depth knowledge of security frameworks such as ISO 27001, NIST, and CIS.
  • Extensive experience with security technologies, including firewalls, VPNs, IDS/IPS, SIEM, and encryption tools.
  • Strong understanding of network security, application security, and endpoint protection.
  • Proficiency in vulnerability management tools and practices.
  • Experience with cloud security across platforms like AWS, Azure, or Google Cloud.
  • Strong knowledge of regulatory requirements such as GDPR, HIPAA, PCI-DSS, etc.
  • Experience with penetration testing and ethical hacking methodologies.
  • Familiarity with incident response and forensic analysis tools and techniques.
• Certifications:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CEH (Certified Ethical Hacker) or equivalent certifications.
• Soft Skills:
  • Excellent problem-solving skills with a detail-oriented approach.
  • Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
  • Leadership skills with the ability to manage and mentor a team.
  • High level of integrity and ethical standards.
  • Ability to work under pressure and handle multiple tasks simultaneously.

Preferred Qualifications:

• Experience: Experience in a multi-cloud environment or in securing DevOps practices.
• Certifications: Additional certifications like CRISC (Certified in Risk and Information Systems Control) or CCSP (Certified Cloud Security Professional).
• Knowledge: Experience with zero-trust architecture and advanced threat modeling techniques.