Job Openings IT Officer, Network & Security

About the job IT Officer, Network & Security

Role Purpose

The role purpose of an IT Network and Security Officer is to oversee the organizations IT network to ensure robust, efficient operations while securing systems against potential cyber threats. This officer is tasked with the design, implementation, and maintenance of the IT network, servers, and software systems, ensuring they meet current and evolving business needs as well as balancing this by developing and enforcing security measures, managing vulnerabilities, and ensuring compliance with data protection laws and policies. The role also involves strategic planning for future network upgrades and security improvements, aligning with the organizational goals. Additionally, the officer promotes security awareness across the organization to enhance overall protection and response to incidents.

IT Plans, Objectives. Policies and Programs

  • Monitor adherence to IT policies through audits, ensuring regulatory compliance and security standards are maintained consistently.

Budgets

  • Develop and manage budgets for IT network projects.
  • Optimize spending on security solutions and network upgrades.
  • Prepare annual run & maintain IT network and Cybersecurity budgets.
  • Develop and manage annual technology refresh programme.

Standards, Regulations and Procedures

  • Ensure adherence to industry standards (ISO, NIST).
  • Ensure compliance and maintain an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard, ensuring systematic risk management and compliance with MEs information security practices.
  • Ensure compliance with Computer Crimes Act, Communications and multimedia act, PDPA requirements for data protection and privacy, including data handling, storage, and processing practices to protect personal information and avoid legal penalties.

Technical Support

  • Infrastructure Setup and Maintenance: Responsible for the setup, configuration, and maintenance of physical network devices (routers, switches, firewalls), linked to communication, storage solutions, hosts, virtual servers, and data centres. Ensures high availability, redundancy, and scalability of the IT infrastructure incorporated with cybersecurity measures.
  • Performance Monitoring: Monitors system performance to ensure that infrastructure components are operating at peak efficiency. Uses tools to analyze traffic load and anticipates future infrastructure needs.
  • Troubleshooting and Resolution: Acts as the first point of contact for issues related to hardware and network failures. Quickly identifies and resolves issues to minimize downtime.
  • Backup and Disaster Recovery: Implements and tests backup and disaster recovery plans to safeguard data and ensure continuity of operations during and after critical incidents.
  • Software and Hardware Upgrades: Manages the deployment of software patches, updates, and hardware upgrades to maintain security standards and operational efficiency.
  • Security Monitoring: Continuously monitors IT environments using security tools like SIEM (Security Information and Event Management) to detect, analyze, and respond to potential security threats. To work closely with corporate ITS for security exposure mitigation measures and improve protection and preventive malware/virus intrusion.
  • Incident Response: Leads the response to security breaches and other cyber threats, including initiating mitigation strategies, analyzing breaches to determine their root cause, and implementing fixes.
  • Vulnerability Management: Regularly performs vulnerability assessments and penetration testing to identify and remediate security weaknesses before they can be exploited.
  • Compliance and Auditing: Ensures that the IT infrastructure complies with relevant industry standards (e.g., ISO/IEC 27001, NIST) and regulatory requirements. Prepares for and manages external and internal audits.
  • User Education and Awareness: Develops and delivers training programs focused on security best practices and awareness to help prevent security incidents attributable to human error.
  • Deploy critical security patches and antivirus updates to safeguard company systems and software
  • Vendor Management: Manages relationships with software and hardware vendors, negotiating contracts and managing SLAs (Service Level Agreements) to ensure optimal service delivery and support. Ensure the server room facility system is monitored and maintained according to scheduled plans.
  • Detect and report any instances of network security breaches or attempted breaches.
  • Research and evaluate hardware and software solutions to meet specific technical networking or security requirements.
  • Diagnose networking issues using diagnostic testing tools and equipment to pinpoint root causes.
  • Participate in IT audit exercises to evaluate system compliance and security posture.
  • Monitor network and infrastructure performance and compile periodic performance reports.
  • Conduct routine checks of backup system operations to ensure data protection within agreed service levels.

Systems Documentation

  • Network Infrastructure Documentation:
  • Includes network diagrams and server configurations detailing the organization's network topology and server specifications.
  • Prepare regular reports for but not limited to access controls, password management, and incident response protocols.
  • Outlining strategies and procedures for IT Disaster Recovery plans including process and procedures, generating DR reports, ensuring Business Continuity Plan and all related document is constantly updated.
  • Change Management Documentation: Ensuring and maintain existing procedures and protocols for managing changes to IT network and security systems, including change request forms, approval workflows, and documentation of implemented changes.
  • Producing Incident Response and Monitoring Documentation by detailing the procedures for responding to security incidents, monitoring network traffic, and logging security events.
  • Maintain and update IT hardware, software, and license inventory to ensure accurate records and efficient resource management.

Problem Resolution

  • Responsible for identifying and resolving technical issues related to network connectivity including but not limited to telecommunication from all sites, server performance, and security breaches.
  • Conduct troubleshooting, escalate complex issues as needed, and implement solutions while adhering to change management procedures.
  • Documentation of incidents and resolutions, along with post-incident analysis, enables continuous improvement, and they also provide user support and facilitate knowledge sharing to enhance the team's capabilities.

Systems Administration

  • Configure and maintain network infrastructure, including routers, switches, firewalls, and VPNs. Monitor network performance, troubleshoot connectivity issues, and implement network security measures.
  • Issue and participate in procurement process and requests to ensure timely and cost-effective supply of materials for IT operations.
  • Coordinate with vendors to address problems and ensure client satisfaction, facilitating smooth IT operations.

Training

  • Conduct user training sessions and provide technical support.
  • Evaluate training effectiveness and identify areas for improvement.

Qualifications

Knowledge: Bachelor's degree in computer science, information technology, cybersecurity, or a related field. Relevant certifications like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH) are highly valued. Additionally, hands-on experience, particularly in roles focused on IT infrastructure and security, is typically a key qualification for this role.

Experience: A minimum of 3-5 years of relevant experience in IT infrastructure management and security practices, including hands-on experience with network administration, security protocols, and incident response procedures. Additionally, experience in implementing and managing security solutions such as firewalls, intrusion detection systems, and encryption technologies is essential. Strong familiarity with industry standards and regulations, along with a proven track record of effectively communicating complex technical concepts to non-technical stakeholders, is also highly valued.

Skills: Possess strong technical abilities in areas such as network administration, system configuration, and security tool implementation. Proficiency in cybersecurity practices, excellent problem-solving and analytical skills, Strong communication skills Adaptability and a willingness to stay updated on the latest technologies and security trends


Or refer someone