IT Security Officer/Manager at Julius Berger

An experienced and results-driven IT Security Officer / Manager to optimize and manage our corporate cybersecurity operations. This role is responsible for developing, implementing, and maintaining the organization’s information security strategy to protect systems, data, and networks from internal and external threats. The ideal candidate will bring deep technical knowledge, Nigerian cultural awareness and a strong understanding of regulatory compliance and risk management.

Job Details

• Provide leadership on information security governance and cybersecurity operations 
• Coordinate internal IT teams and external vendors on security initiatives 
• Collaborate with IT division and business leaders to integrate security into project lifecycles
• Ensure a secure and controlled IT environment that protects organizational information assets 
• Promote adherence to information security policies, standards, and regulatory requirements
• Contribute to cybersecurity budgeting and cost-effective selection of security tools and solutions 
• Support planning and prioritization of security investments based on risk
• Ensure timely monitoring, detection, and response to security incidents 
• Coordinate prompt incident response and disaster recovery activities.
• Ensure high-quality implementation and continuous improvement of security controls 
• Maintain effectiveness of the Information Security Management System (ISMS)
• Serve as the first point of contact via phone, email, ticketing system, or in-person for all technical support issues. 
•  Guide users through step-by-step solutions using remote support tools or direct assistance.
• Perform account management tasks such as password resets, access rights, and Active Directory user onboarding/offboarding.
• Manage and oversee cybersecurity vendors and service providers 
• Ensure third-party compliance with organizational and regulatory security requirements.
• Provide security input into the design of networks, systems, cloud platforms, and applications
• Develop, implement, and maintain security policies, standards, and procedures aligned with ISO/IEC 27001, NIST, and GDPR
• Lead information security risk assessments, vulnerability assessments, and internal audits 
• Ensure compliance with regulatory, contractual, and industry cybersecurity requirements (ISO 27001, NIS2, PCI-DSS, SOX) 
• Monitor and manage daily security events across the infrastructure
•  Lead deployment and management of security solutions including firewalls, EDR, SIEM, DLP, PAM, and MFA 
• Investigate, respond to, and document security incidents and breaches 
• Develop and maintain the Information Security Management System (ISMS) 
• Provide regular security risk and status reports to management 
• Define and drive the cybersecurity roadmap, including tools, budgets, and training initiatives
• Perform any other task assigned by the Line Manager

Requirements

• Bachelor´s Degree in Computer Studies, Information Technology or any Computer related field. 
• Professional certifications such as ISO/IEC 27001 Lead Implementer or Lead Auditor, CISSP, or CISM are required or strongly preferred. Technical certifications in Microsoft Security, Fortinet, Palo Alto, or major cloud platforms (Azure/AWS) are an advantage. Additional certifications such as CEH, CRISC, or ITIL Foundation are considered a plus.
• Minimum of 5+ years in IT support, including 2+ years in geographically distributed IT landscape.
• Strong understanding of network security, cloud security (Azure, AWS), and endpoint protection 
• Knowledge of Identity and Access Management (IAM), Zero Trust architecture, and Data Loss Prevention 
• Proven experience with security frameworks: ISO/IEC 27001, NIST CSF, CIS Controls, MITRE ATT&CK Skills/Knowledge/Abilities 
• Experience with security tools such as Microsoft Defender XDR, Sentinel, Splunk, Fortinet, Palo Alto, and CrowdStrike 
• Familiarity with cloud security platforms including Microsoft 365 Defender, Azure Security Center, and AWS Shield 
• Understanding of risk and compliance requirements including ISO 27001, GDPR, NIST, and DORA (where applicable) 
• Strong analytical thinking, communication, stakeholder engagement, and decision-making skills.