Information Security Officer

We are seeking a strategic yet hands-on Information Security Officer to join our growing cyber security function. This role bridges security governance with practical technical implementation ensuring that security requirements are translated into effective, real-world controls.

You will strengthen the organization’s security posture by designing, implementing and validating security controls aligned with regulatory, business and technology requirements. You will work closely with internal stakeholders across IT and business units and, where applicable, support client engagements as a trusted security advisor.

This role focusses primarily on technical security implementation, control effectiveness, and risk reduction, rather than people management or purely policy-driven work.

1. Information Security Framework & Procedures

• Collaborate with Information Security (InfoSec) Department to interpret security policies and translate them into practical, organization-wide procedures.
• Design, document and maintain standardized security processes aligned with internal policies and external standards (e.g. ISO 27001, SS 714:2025).
• Ensure Security procedures are pragmatic, scalable, and adopted across business units.
• Continuously review and improve procedures to reflect changes in technology, risk landscape, and regulatory requirements.

1. Security Review & Technical Assessment

• Assess gaps between current security practices and defined security benchmarks and drive hands-on improvements.
• Perform relevant security assessments such as configuration reviews, vulnerability assessments and control effectiveness reviews.
• Review and refine existing security and operational procedures to ensure effectiveness and scalability.
• Lead the implementation and rollout of new or updated security controls and procedures, ensuring smooth integration into existing technical and operational workflows.
• Validate that implemented controls meet policy and regulatory requirements, maintaining appropriate documentation for audit, assurance and continuous improvement purposes.

1. Stakeholder Enablement & Advisory

• Act as the subject matter expert for information security across the organization and on client projects where applicable.
• Communicate security risks, trade-offs and recommendations clearly to both technical and non-technical stakeholders.
• Deliver targeted security awareness and training sessions to improve organizational cybersecurity maturity.
• Mentor and support process owners and system owners to ensure long-term ownership and sustainable execution of security controls.

1. IT Collaboration & MIS Security Oversight

• Collaborate closely with IT, infrastructure, application and MIS teams.
• Periodically assess MIS-related systems, process, and data flows from an information security and risk perspective.
• Advise IT and MIS stakeholders on security control design, configuration hardening, and risk mitigation measures.
• Validate that MIS solutions and system implementations align with organizational security policies, approved architectures, and regulatory requirements.
• From time to time, support or assist with MIS-related tasks and initiatives where security input or technical understanding is required, particularly during system changes, reviews, or implementation.

Required Qualifications & Skills

• Demonstrated experience in information security, cybersecurity risk management, IT risk or IT audit, with hands-on involvement in implementation or validating security controls.
• Experience working in complex IT environments involving multiple systems, platforms, or regulatory requirements.
• Working experience with implementation and maintenance of solutions such as Microsoft Intune/Entra, Apple Business Manager, Wazuh is highly advantages.

• Strong understanding of cybersecurity principles, security architectures, risk management concepts, and control frameworks.
• Practical experience applying security standards and frameworks such as ISO 27001 or equivalent.

• Ability to explain security concepts, risks, and requirements clearly to business leaders, technical teams, and cross-functional teams.
• Comfortable influencing without direct authority and working collaboratively across teams.

• Security certifications such as CISA, CISM, CISSP or equivalent practical experience designing, implementing, and assessing security controls in real-world environments.

• Strong ability to analyse complex environments, identify hidden security or compliance risks, and recommended pragmatic, risk-based solutions.
• Detail-oriented, with the ability to balance security rigor with business practicality.

• Security policies are translated into controls and procedures that are consistently implement and understood across the organization.
• Security gaps are proactively identified, prioritized, and remediated.
• MIS and IT system demonstrate measurable improvement in security posture and audit readiness.
• Stakeholders view the Information Security Officer as a trusted advisor who enables secure and scalable business operations.