Team Lead, IT Security

Contract duration: 12 months (Convertible to permanent)

Job Overview

The Supervisor, IT Security & GRC, will lead the organization's cybersecurity and governance team, ensuring that both technical defences and compliance frameworks are effectively implemented, monitored, and continuously improved. This role provides leadership across IT Security Operations and Governance, Risk, and Compliance (GRC), aligning security initiatives with business objectives while meeting regulatory requirements.

The Supervisor will oversee daily security operations, guide the team in risk management and compliance activities, and serve as the escalation point for both security incidents and governance issues. This position requires a balance of technical expertise, regulatory knowledge, and strong leadership to protect the organization's information assets.

Key Responsibilities

Leadership & Team Management

• Lead and supervise IT Security Analysts and IT GRC staff, providing guidance, mentorship, and performance management.
• Develop team objectives and ensure alignment with organizational cybersecurity strategy and business goals.
• Act as the primary escalation point for complex security incidents, compliance issues, and third-party risk assessments.

Security Operations

• Oversee monitoring and response to security events, ensuring timely detection, investigation, and remediation of threats.
• Ensure effective vulnerability management practices, including scanning, patch management, and penetration testing coordination.
• Review firewall rules, endpoint protection, and security configurations to ensure compliance with standards and best practices.
• Provide direction for incident response activities and ensure escalation procedures are followed.

Governance, Risk & Compliance (GRC)

• Lead the development, review, and enforcement of information security policies, procedures, and guidelines.
• Oversee risk assessments and ensure the risk register is maintained, updated, and reviewed regularly.
• Supervise internal and external audits, ensuring readiness and timely closure of findings.
• Manage vendor risk assessments and third-party compliance monitoring.
• Promote cybersecurity awareness, training, and communication across the organization.

Strategic & Cross-Functional Responsibilities

• Collaborate with IT, business, and compliance teams to integrate security into projects, systems, and business initiatives.
• Track, analyze, and report on cybersecurity posture, compliance status, and risk exposure to senior management.
• Stay updated on emerging threats, regulatory changes, and industry best practices to ensure proactive improvements.
• Assist in budget planning and resource allocation for security and compliance initiatives.

Requirements

• Education
  : Bachelor's Degree in Information Technology, Cybersecurity, or related field.
• Experience
  :
• Minimum 7 years of experience in IT Security and/or GRC, with at least 2–3 years in a supervisory or leadership role.
• Strong background in both security operations (SOC, vulnerability management, incident response) and GRC (policy development, audits, regulatory compliance).
• Technical Knowledge
  :
• Hands-on understanding of network and system security, endpoint protection, cloud security, and identity management.
• Familiarity with ISO 27001, NIST CSF, PCI-DSS, and local regulatory requirements (e.g., BNM RMiT).
• Leadership Skills
  :
• Proven ability to lead and motivate teams, manage priorities, and resolve conflicts.
• Excellent communication skills with the ability to engage both technical and non-technical stakeholders.
• Certifications
  (advantageous): CISSP, CISM, CISA, CEH, CompTIA Security+, ISO 27001 Lead Implementer/Auditor.
• Soft Skills
  : Strategic mindset, strong analytical thinking, attention to detail, and effective time management.