IT Security Manager at Aluko & Oyebode

JOB SUMMARY:

• The IT Security Manager is responsible for ensuring the confidentiality, integrity, and availability of the firm's information assets. This role involves designing and implementing security measures, conducting risk assessments, and providing expertise to safeguard the Firm's IT infrastructure against potential threats. The incumbent will collaborate with cross-functional teams to develop and enforce security policies, ensuring compliance with global standards and legal requirements.

KEY RESPONSIBILITIES:

• Maintain and align security controls with NDPR, ISO 27001, NIST, client-specific requirements and other relevant standards; lead readiness efforts for external and internal audits or compliance reviews.
• Lead cloud security oversight for Microsoft 365 and other cloud services, ensuring secure configurations, Data Loss Prevention, and regulatory compliance.
• Manage access control across all systems and conduct periodic user access reviews to uphold least privilege principles.
• Oversee the design, implementation, and optimization of security infrastructure including SIEM, firewalls, and endpoint protection; own SIEM service relationship including configuration, alerting, incident support, and monthly health checks.
• Conduct regular vulnerability assessments and penetration tests; lead incident response planning and execution.
• Assess third-party vendors’ security posture and enforce cybersecurity clauses in contracts and service-level agreements.
• Define and report on key security KPIs such as patch compliance, phishing resilience, incident resolution time, and audit closures.
• Deliver tailored security awareness training for legal professionals and support staff; maintain up-to-date security documentation including thread models, business impact analysis, and response procedures. 
• Collaborate with internal teams to integrate secure design principles into infrastructure and application projects.
• Perform additional duties as required to support evolving security needs and IT initiatives.

EDUCATIONAL QUALIFICATION:

• Bachelor’s degree in Computer Science, Information Technology, Cyber-Security or a related field.
• Professional certifications such as CEH, CISSP, ISO 27001 Lead Implementer, or equivalent.

SKILLS / KNOWLEDGE REQUIREMENTS:

• Minimum of 5 years of experience in information security or IT risk management.
• Strong understanding of security technologies and frameworks, including SIEM, firewalls, encryption, and endpoint protection.
• Experience with cloud security, particularly Microsoft 365 (Entra ID, Defender, Intune, Purview) and other SaaS platforms.
• Excellent analytical, problem-solving, and communication skills.
• Ability to lead cross-functional teams and manage multiple projects simultaneously.