• Bachelor’s degree in Information Technology, Computer Science, or related field (or equivalent work experience).
• Certifications in security or privacy (CISSP, CISM, CIPP, etc.) and/or experience with IAM tools (Okta, Azure AD, OneLogin).
• Familiarity with scripting and automation for IT/security tasks.
• Extensive hands-on experience in firewall management, network security, and policy configuration.
• Strong background in SaaS/system administration and role-based access control.
• Knowledge of data security, backups, encryption, and incident response.
• Familiarity with compliance and privacy standards; ability to function as Data Privacy Officer 
• Clear documentation and policy-writing skills.
• Effective communicator able to educate non-technical staff on security.
• Analytical and detail-oriented; proactive in risk identification.

Responsibilities:

System & SaaS Administration

• Manage and maintain all core SaaS platforms (LMS, CRM, HRIS, etc.) and internal systems.
• Administer user accounts, access rights, and role-based permissions.
• Document and enforce access control, onboarding/offboarding, and system usage policies.
• Collaborate with IT vendors and partners for escalations and specialized support.

Security & Compliance

• Configure and manage firewalls, VPNs, and network security appliances.
• Monitor and update security policies for systems, SaaS, and data storage.
• Perform regular audits of access logs, firewall rules, and system permissions.
• Ensure compliance with data protection regulations (e.g. PDPA, GDPR).
• Act as the Data Protection Officer (DPO) when needed, handling privacy requests and external coordination.

Data Protection & Continuity

• Implement and maintain data security practices, including encryption, backups, and disaster recovery procedures.
• Review and enhance data retention and handling policies.
• Investigate and respond to potential security incidents or breaches.

Security Awareness & Education

• Train and guide staff on security best practices (e.g. phishing awareness, password management, data handling).
• Develop easy-to-follow documentation and run periodic refresher sessions.
• Provide limited tech support focused on access and SaaS issues (not hardware troubleshooting).