Job Purpose
The IT Security Manager will be a key member of the Bloom Holding IT department and responsible for overseeing and coordinating all security measures to protect the organization's sensitive information, data, network and systems.
The role involves creating and implementing security policies, procedures, and ensuring compliance with industry standards and legal regulations. Requires hands-on technical skills to evaluate, deploy, monitor, and troubleshoot security systems and maintain compliance with organization’s security policies and regulations. Handle security incidents and proactively ensure preventive controls and robust security posture across the organization.
Key Accountabilities
- Develop policies, procedures, and standards that safeguard the organization's assets.
- Identify security risks and vulnerabilities across IT systems, network and data.
- Develop and implement mitigation strategies for identified risks.
- Coordinate and manage internal and external audits related to information security and prepare reports on findings and recommendations.
- Ensure the audit recommendations addressed are implemented within the committed timelines.
- Ability to develop and implement quick responses to security breaches while ensuring minimal impact on the business.
- Lead & guide teams in the event of security breaches or incidents.
- Regularly monitor and analyze security alerts and events to take proactive & preventive controls.
- Design and implement company-wide security awareness training to educate staff on best practices and cybersecurity risks.
- Conduct regular phishing tests and other simulations to evaluate employee readiness for real-world cyber threats.
- Strong knowledge of cybersecurity technologies, cryptography, network security, cloud security, and system hardening.
- Proficiency in analyzing security logs and interpreting potential threats.
- Regularly review and update security policies to ensure they remain effective and relevant to emerging threats.
- Develop standard documents for system hardening based on CIS standards and reduce the attack surface of systems and networks.
- Experience with vulnerability assessment tools (e.g., Nessus, Qualys) and familiarity with penetration testing methodologies.
- Work with relevant teams to regularly conduct penetration tests and vulnerability scans to identify and address weaknesses in systems before attackers exploit them.
- Maintain awareness of updates, patches, and ensure the team is executing periodic patches, upgrades and changes to ensure the security posture of the systems are maintained optimal.
- Maintain the landscape of the security components across the organization including, Antivirus, EDR, Encryption solutions, Data Classification, DLP, WAAP, Firewalls, VPN, IPS, Email Security, Digital Risk Protection, SIEM, NAC, M365 Security, Conditional Access, Secure Score, CASB, Cloud Security, IAM, etc.
- Handson experience on these solutions would be an added advantage.
- Lead in evaluation, selection, and deployment of relevant security tools.
Educational Requirements / Other Qualifications
- Bachelor’s Degree in any computer stream (10 Yrs)
- An accredited specialized certificate in information security, such as: CISSP Certification (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) would be an advantage.
