IT Security Officer (ITSO)

Summary: In this role, you will help ensure that vulnerabilities and exposures across our environment are identified, validated, and remediated in a timely manner. You will work closely with system owners and report findings, helping to keep our risk posture visible and well-managed. Job Scope Attack Surface Monitoring, Vulnerability Scanning, and Triage • Monitor and triage findings surfaced by our Attack Surface Management (ASM) and Vulnerability Management tools • Assess each finding for validity, severity, and exploitability before escalating or acting on it • Distinguish genuine exposures from false positives and contextualise findings against our asset inventory • Prioritise remediation efforts based on risk • Remediation Workflow Management • Work with system owners to follow up on outstanding findings • Track remediation progress and ensure findings are resolved in a timely manner • Manage exceptions and risk acceptance where remediation is not immediately feasible • Communicate clearly with non-technical stakeholders, translating technical findings into actionable guidance Reporting & Insights • Consolidate vulnerability data and remediation metrics for reporting • Identify trends and surface systemic issues across the organisation's attack surface and internal asset landscape • Provide recommendations to improve our overall exposure management programme Process Improvement • Contribute to the refinement of ASM and vulnerability management processes, tooling configurations, and escalation playbooks over time • Support the development and maintenance of vulnerability management policies, standards, and procedures in alignment with industry best practices Prerequisites • Bachelor’s Degree in Computer Science/Information Security or equivalent • Professional certifications, including GWEB, OSCP, CRISC, CISA or other relevant certifications will be preferred • Preferably 5 years of experience in a relevant cybersecurity function, such as vulnerability management, attack surface management, security operations, or IT risk • Strong understanding of cybersecurity concepts, particularly around vulnerability management, patch management, common vulnerability scoring frameworks (eg CVSS), and external-facing attack surface risks • Familiarity with ASM or vulnerability management tools (such as Tenable, Qualys, Censys, or similar) • Proficiency in programming languages such as Python will be advantageous • Strong analytical and judgement skills, with the ability to think critically and make sound recommendations • Good communication and interpersonal skills, with the ability to multitask, prioritise, and translate technical findings • Meticulous, with a high degree of integrity, initiative, and energy