IT Security Lead

The IT Security, Lead ensures the safeguarding and protection of Transmed business infrastructure and systems, and responsible for supporting the information security efforts, programs and projects. The Lead, plays a critical role in protecting Transmed data and services from security threats, implementing and maintaining all necessary security measures, and ensuring the compliance with relevant business security policies, audits and regulations.

Role Purpose, Key Responsibilities & Duties:

• Develop and implement identity access management (IAM) processes, solutions and technologies, enforce access controls and user provisioning/deprovisioning procedures
  

• Establish and enforce security policies, procedures, standards, and ensures compliance with relevant industry regulations and standards such as ISO 27001 and relevant others
  

• Identify and assess security risks and vulnerabilities, develop and implement risk mitigation strategies and controls
  

• Implement encryption mechanisms to protect sensitive data at rest and in transit, collaborate with business and IT teams to ensure appropriate encryption and access control configurations
  

• Conduct regular security testing, including vulnerability assessments and penetration testing, collaborate with IT and business to remediate identified security vulnerabilities
  

• Plan and execute security drills to test incident response and disaster recovery procedures, monitor and track security testing results to identify trends and improvement areas
  

• Monitor and analyze security logs and alerts to identify anomalous activities, collaborate with IT and business stakeholders to investigate and respond to security incidents
  

• Deploy and update end-point protection software and policies, monitor effectiveness and address any identified issues
• Collaborate with network teams to configure and optimize firewall and intrusion detection systems, monitor and analyze firewall and intrusion detection logs for security incidents and policy violations
  

• Develop and maintain an incident response plan, lead the response to security incidents, including investigation and resolution
  

• Support the selection, deployment, and management of security technologies and tools such as firewalls, intrusion detection systems, antivirus, and relevant others
  

• Manage security incident and event management (SIEM) processes, define and enforce incident response procedures and workflows
  

• Collaborate with business and IT teams to investigate and mitigate security incidents, conduct post-incident reviews to identify lessons learned and improve incident response capabilities
  

• Ensure that security systems are properly configured and updated, coordinate and participate in security audits and assessments, implement recommendations from audits to improve security posture
  

• Monitor and analyze security logs and alerts to identify anomalous activities, collaborate with business and IT teams to investigate and respond to security incidents
  

• Own, support and resolves business IT incidents response actions, procedures and SLAs
  

• Support security patch management processes, identify, test, and deploy security patches and updates, ensure compliance with patch management policies and schedules
  

• Prepare and present security reports and updates to IT leadership and business senior management and stakeholders, communicate security risks and issues resolution effectively
  

• Support the evaluation and selection of third-party vendors and partners, contribute to effective Transmed business IT security budget, including planning and cost control
  

• Promote a culture of security awareness and best practices, conduct security awareness programs, collaborate with HR and Communications teams to promote Transmed security-conscious culture
  

• Perform other relevant duties as required by the Transmed business needs and priorities

Key Competencies & Skills:

• Strong experience in information security, including lead and managerial roles
  

• Strong understanding of infrastructure, network and systems security, cryptography, and security protocols, cloud security and technologies
  

• Experience with vulnerability assessment and penetration testing tools and methodologies
  

• Project management skills to oversee security initiatives and ensure they are completed on time and within budget
  

• Effective reporting, written, verbal and documentation skills, conveying complex security concepts to non-technical stakeholders
  

• Strong analytical skills to assess security risks, identify vulnerabilities, develop and execute mitigation strategies
  

• Strong problem-solving, data and evidence-based decision-making skills, especially in high-pressure situations
  

• Strong knowledge of information technology software applications, operating systems, databases, and network
  

• Ability to analyze and resolve technical issues efficiently, making decisions based on available information
  

• Excellent interpersonal skills, patience, and ability to communicate technical information clearly to non-technical users
  

• Effective prioritization and time management skills to handle multiple support requests simultaneously
  

• Flexibility to adapt to changing technologies, work environments, and user needs
  

• Collaborative attitude and willingness to work as part of a team to achieve collective goals
  

• Meticulous approach to resolving IT security challenges and problems and ensuring accuracy in problems identification, systems, and services documentation, data accuracy and integrity
  

• Ability to communicate and promote the business value of applicable IT security technologies, policies, standards, and procedures

Academic Education & Professional Certifications:

• Bachelor Degree or Diploma in Information Security, Cybersecurity, Computer Science, Information Systems, or related discipline
• 8+ years of experience in an Information Security environment and in providing IT security services and support to business partners in an enterprise setting
• Security certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP)
• English proficiency is a must

Operational & Managerial Experience:

• Strong interpersonal and networking skills, ability to interact with all areas of the business internally and externally
• Experience in the implementation of IT security solutions within large divisions and companies.
• Experience in FMCG business applications with an understanding of the industry and business processes (is preferred).
• Experience in project management, managing deliverables and milestones, on time, within budget, and quality performance in meeting business needs.

Technical Skills & Knowledge:

• Proven experience as an IT professional with a focus on security and risks management.
• Proven expertise in infrastructure security, cloud security, network security, operating system security, and applications security
• Strong experience in vulnerability assessment and penetration testing, encryption and cryptography
• Experience in incident response and forensics
• Experience in security standards and compliance

Language Skills:

• Fluency in English

Behavioral Competencies

• Analytical Thinking
• Teamwork & Communication
• Taking Initiative
• Planning & Organizing
• Customers Focus

Other Requirements

• Flexibility to Travel