IT Security Officer

Job Title: IT Security Officer

Department: Tech
Reports To: CTO
Location: Limassol, Cyprus

Employment Type: Full-time

About SiGMA Group 

Founded in 2014 and headquartered in Malta, SiGMA Group now employs over 250 professionals across seven global offices, including Malta, Cyprus, Serbia, São Paulo, Manila, India and Armenia. SiGMA is a global leader in gaming, emerging tech, affiliate marketing, events, and media, best known for its marquee summits like SiGMA Malta and iGaming Academy. The company's culture champions inclusivity, sustainability, collaboration, and philanthropic impact under its SiGMA Foundation initiative.

Position Overview

The IT Security Officer is responsible for protecting Sigma World's information systems, digital assets, and infrastructure. This role ensures that security policies, controls, and best practices are implemented, maintained, and continuously improved. The IT Security Officer leads governance, risk, and compliance activities and provides hands-on support for security operations, incident response, vulnerability management, and cloud security.

This position works closely with IT, management, and external auditors to maintain a strong security posture aligned with international standards.

Key Responsibilities

Governance, Risk & Compliance

• Develop, implement, and maintain Sigma World's cybersecurity frameworks and procedures aligned with ISO 27001, NIST, and CIS Controls.
• Draft, publish, and review information security policies (acceptable use, password policy, DLP, remote access, vendor security, etc.).
• Conduct periodic risk assessments and maintain a corporate risk register with mitigation plans.
• Support internal and external compliance audits (ISO 27001, GDPR, data protection requirements).
• Develop and run security awareness and phishing-simulation programs for employees.

Technical Security Oversight & Implementation

• Lead implementation and optimization of Data Loss Prevention (DLP) solutions across Microsoft 365, email, and endpoint systems.
• Email security management — Oversee and optimize email filtering, anti-phishing, anti-spam policies, and secure email gateways within Microsoft 365 (Defender for Office 365). Implement protections against business email compromise (BEC), spoofing, and malicious attachments.
• Oversee Zero Trust configurations to secure web access and internal applications.
• Review and strengthen endpoint protection and compliance policies in Microsoft Defender for Endpoint and Intune.
• Enhance identity protection by improving Conditional Access, MFA enforcement, privileged account management, and role-based access control.

Security Operations & Incident Response

• Act as the primary responder in security incidents: detection, investigation, containment, and recovery.
• Support forensic analysis, log review, and evidence collection for major incidents.
• Conduct post-incident reviews and ensure corrective actions are implemented.
• Monitor and share relevant threat intelligence, emerging threats, and attack trends.

Vulnerability Management & Penetration Testing

• Manage quarterly vulnerability scans and regular security assessments of infrastructure, cloud services, and endpoints.
• Coordinate and perform targeted penetration tests for websites, network devices, and internal systems.
• Work with IT teams to prioritize, track, and implement remediation activities.
• Review cloud and network configurations (Microsoft 365, Meraki, Ubiquiti, Cloudflare, etc.) to identify security gaps.

Cloud & SaaS Security

• Ensure Microsoft 365 is configured securely with proper security baselines and data protection controls.
• Maintain and enhance Zero Trust policies, access configurations, and security rules.
• Conduct security reviews for new third-party SaaS vendors and integrations.

Security Reporting & Continuous Improvement

• Prepare monthly security posture reports covering threats, incidents, vulnerabilities, and improvements.
• Develop and maintain a yearly cybersecurity roadmap aligned with Sigma World's strategic goals.
• Provide executive-level briefings to management and support board-level cybersecurity discussions.

Required Skills & Experience

• 3–5+ years of experience in cybersecurity or IT security roles.
• Strong understanding of information security frameworks (ISO 27001, NIST CSF, CIS).
• Hands-on experience with Microsoft 365 Security, Defender, Entra ID, Intune.
• Experience with firewalls, VPNs, and Zero Trust solutions (Cloudflare preferred).
• Knowledge of incident response and digital forensics fundamentals.
• Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys).
• Understanding of network architecture and security configurations (Meraki, Ubiquity, etc.).

Preferred Skills

• Experience in cloud-native security in Azure AD / Entra ID environments.
• Scripting and automation (PowerShell, Python).
• Exposure to penetration testing methodologies.
• Experience in security for distributed multi-office environments.
• Ability to train and educate users on security best practices.

Certifications (preferred but not required)

• ISO 27001 Lead Implementer / Lead Auditor
• CompTIA Security+ or CySA+
• Microsoft Certified: Security Operations Analyst / Identity & Access Administrator
• CISSP, CISM, or CEH (advantageous)

Why SiGMA Group?

• Grow with us - Be part of SiGMA's global expansion and make your mark.
• Free iGaming Academy access - Learn the ins and outs of the industry with access to courses.
• Travel perks - Visit our international offices and attend industry events worldwide.
• Performance rewards - High performers are recognized and fast-tracked with annual reviews and bi-yearly performance checks ins.
• Interest-free car loan after probation (T&Cs apply)