Information Technology Security Officer

Overview

We are seeking an experienced SaaS Security Program Manager / IT Security Officer to lead security delivery, remediation governance, and security tooling implementation for a large-scale SaaS platform supporting a regulated public-sector account. This role focuses on execution, coordination, reporting, and risk governance across engineering teams, security vendors, and stakeholders. Hands-on code remediation is not required; strong security domain knowledge, project management capability, and managed services delivery experience are essential.

Key Responsibilities

• Own and drive the security remediation and tooling delivery program, including WAF and SIEM implementation.
• Maintain the security roadmap, milestone tracker, risk register, and vulnerability register.
• Coordinate remediation tracking, retesting, evidence collection, and risk acceptance workflows.
• Lead delivery coordination with platform engineers, SOC teams, security vendors, and external assessors.
• Prepare executive dashboards, remediation status reports, risk summaries, and audit response packs.
• Manage vendors, track delivery commitments, and escalate risks or delays proactively.
• Maintain security documentation, compliance mapping, and audit trails.
• Coordinate incident response and support CISO and Red Team reviews as required.

Requirements

• Minimum 6 years of experience in IT security, cybersecurity operations, or security consulting.
• Strong background in vulnerability management, incident handling, security audits, and risk management.
• Experience with SIEM platforms (e.g., Splunk, Elastic), WAF and firewall technologies, and security monitoring tools.
• Proven track record delivering security remediation or tooling implementation programs in multi-vendor environments.
• Solid project management, stakeholder management, and executive reporting skills.
• Experience in managed services and/or SOC operations is a strong advantage.
• Knowledge of security standards such as IM8, PCI DSS, HIPAA, CIS, or ISO/NIST preferred.
• Security or project management certifications (CISSP, CISM, CRISC, PMP, PRINCE2, etc.) are advantageous.

What Success Looks Like

• WAF and SIEM successfully implemented and operational.
• High and medium security findings closed or formally risk accepted.
• Stable remediation cadence and audit-ready documentation.
• Security posture maintained with no further regulatory or contractual escalation.