On behalf of our client, a financial services company based in Malta, GRS Recruitment is seeking a dedicated Security & IT Operations Lead to join their team.

The Security & IT Operations Lead is a key role combining operational security with regulatory IT oversight. The role is responsible for ensuring that the Company’s information systems are secure, resilient, and compliant with the requirements of PSD2, PCI DSS, DORA, GDPR, ISO 27001 and IT governance. The role is directly responsible for administering local IT infrastructure, managing access controls, and providing day-to-day user support. This includes hands-on system administration and coordination with external IT providers for escalated issues.

Operating under the direction of the CISO and in functional collaboration with the DORA Officer and CTO, the Security & IT Operations Lead acts as the Company’s primary in-country point of contact for regulatory inspections and audit engagements related to IT and cybersecurity matters. If you feel you have the necessary skills, please apply today.
MAIN DUTIES AND RESPONSIBILITIES
- Operate and fine-tune endpoint protection platforms (EDR/EPP), vulnerability scanners, and cloud-security controls.
- Monitor and triage security alerts, coordinate with CISO and MSP for incident response and remediation.
- Perform periodic access-control reviews, enforce least-privilege principles.
- Maintain technical controls for data protection: encryption, secure backups, key management.
- Implement technical security measures aligned with the Company’s DORA compliance programme.
- Implement controls aligned with PSD2 and DORA (ICT Risk Management).
- Maintain and improve ISMS artefacts to demonstrate compliance with PSD2, DORA, ISO 27001, SOC 2, and MFSA guidelines.
- Prepare and update evidence logs for audits, certification processes, and MFSA license obligations.
- Own and update IT-related corporate policies: asset management, change management, incident handling, and business continuity.
- Lead security awareness campaigns and phishing simulations across the Company.
- Collaborate with the DORA Officer, CISO, and Compliance Officer to uphold internal control frameworks.
- Monitor outsourcing contracts, ensuring third-party controls meet regulatory standards.
- Administer local IT systems (network, endpoints, office infrastructure).
- Provision laptops and devices, manage MDM, apply system updates/patching.
- Manage SaaS platform accounts (Google Workspace, Atlassian, AWS).
- Oversee user lifecycle management (joiner/mover/leaver process).
- Provide 1st/2nd-line technical support to Malta-based staff and coordinate with the external MSP for escalated incidents.
- Identify automation opportunities (scripting, workflows) to reduce manual IT workloads.
- Act in close coordination with the CISO, DORA Officer, and Compliance team to maintain and enforce the Information Security Management System (ISMS).
- Ensure adherence to internal security controls such as least-privilege access, endpoint protection, secure backups, and cryptographic key management.
- Maintain full readiness for MFSA, PSD2, and DORA audits through evidence-based documentation, security policies, and operational logs.
- Administer day-to-day control over IT systems, ensuring business continuity, disaster recovery (as per the tested BCPs), and data integrity.
- Own and update critical governance documents (e.g., Change Management, Incident Response, IT Asset Register).
- Support execution and testing of BCPs.
- Manage relationships and oversight for outsourced IT providers in accordance with the ICT third-party risk management policy and DORA obligations.
CANDIDATE PROFILE
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. A Master’s degree is considered an asset.
- Industry-recognised certifications strongly preferred.
- Minimum 5 years of experience in IT operations, cybersecurity, or IT governance, ideally in regulated financial services or fintech environments.
- Proven hands-on experience in:
  - System and network administration.
  - Endpoint protection, MDM, and vulnerability management tools.
  - Cloud platforms such as AWS, Google Workspace, and SaaS account management.
- Experience supporting internal/external audits, regulatory inspections, and producing evidence logs.
- Familiarity with ICT risk management, business continuity planning, and third-party risk oversight under DORA or similar frameworks.
Due to the high volume of applications we receive at GRS Recruitment, only shortlisted candidates will be responded to.
To apply for this position, please email your CV to Sarah Miceli, sarah@grsrecruitment.com, quoting the above job reference.