IT Security & IT Governance Officer

1. IT Security Operations

• Monitor and implement IT security standards in alignment with internal policies and regulatory requirements.

• Perform daily review of security logs and coordinate investigation of suspicious activities.

• Manage User Access Lifecycle: creation, modification, deactivation, and periodic access reconciliation.

• Review and approve system access requests (e.g., PAM, internal applications) based on security matrices.

2. IT Governance & Compliance

• Manage and monitor Qualys vulnerability scanning platform, ensuring timely scanning, assessment, classification, and reporting of discovered vulnerabilities.

• Coordinate vulnerability remediation with IT Infrastructure and Application teams; track progress and follow up until closure.

• Support internal/external audits and ensure adherence to regulatory and governance frameworks.

• Ensure compliance with Personal Data Protection regulations and internal privacy policies.

Vulnerability & Risk Management

• Operate and monitor Qualys or similar platforms for vulnerability scanning and reporting.

• Track remediation progress with IT teams; escalate critical vulnerabilities when needed.

• Support patch management compliance and baseline security checks.

3. User Support & Security Awareness

• Conduct security training for new joiners and raise awareness on phishing and email security.

• Guide users on safe system usage and security best practices.

1. Qualifications & Experience

• Experience in IT Security Operations, Governance, Compliance, or related roles, preferably in banking/finance.

• Knowledge of vulnerability management tools (e.g., Qualys) and access control principles.

• Understanding of Personal Data Protection regulations.

2.Skills

• Strong analytical, detail-oriented, and process-driven mindset.

• Excellent written and spoken English communication skills, especially in technical documentation and user coordination.

• Ability to collaborate across teams and work independently under compliance-driven environments.

Preferred

• Relevant certifications: Security+, CEH, ISO 27001, or Privacy certifications (CIPP/E, CIPM) are an advantage.