Information Security & IT Operations Lead

Role Purpose

Ektis is a cloud‑first, remote‑first consulting firm entering its next stage of growth. As our systems, data footprint, and team expand, we are introducing a dedicated Information Security & IT Operations Lead to strengthen our cyber posture, formalise our internal IT operations, and implement a lightweight, ISO‑aligned control framework across the organization.

This hybrid role combines security governance, cloud/SaaS management, and day‑to‑day IT operations oversight. It does not require heavy infrastructure management, but it does require excellent coordination, ownership, attention to detail, and comfort working with modern SaaS environments.

This role will be the key owner of cybersecurity, IT operations, and compliance controls across the firm.

• Own and maintain Ektis' lightweight ISO‑aligned cybersecurity framework.
• Develop and maintain security policies (Information Security, Access Control, Incident Response, Data Classification).
• Maintain the organization's risk register, monitor control performance, and lead quarterly security reviews.
• Manage security requirements for new tools, reviewing vendor certifications, data residency, encryption, and privacy controls.
• Ensure compliance with KSA PDPL and UAE DP Law.
• Manage incident response processes, including readiness, logging, and post‑incident reviews.
• Lead or support internal security awareness training and phishing simulations.

• Configure and maintain identity controls across Microsoft 365 (Azure AD): MFA, Conditional Access, RBAC, access reviews.
• Oversee joiner–mover–leaver workflows.
• Ensure least‑privilege access across all SaaS platforms.

• Act as system owner for Microsoft 365 and other core SaaS platforms.
• Implement and maintain platform security baselines.
• Maintain inventory of SaaS tools with risk scoring and data residency.
• Review cloud misconfigurations periodically.

• Oversee device compliance: encryption, updates, antivirus/EDR, MDM.
• Ensure secure configuration for all laptops and mobiles.
• Define and enforce endpoint standards for remote employees.

• Oversee day‑to‑day internal IT operations.
• Coordinate with tech support for escalations and configuration.
• Standardise device provisioning and lifecycle management.
• Monitor licenses and manage user lifecycle.
• Maintain documentation for systems and assets.

• Monitor Microsoft Secure Score and lead remediation.
• Recommend process and system improvements.
• Prepare quarterly reports on cybersecurity posture and incidents.

• 3–6 years in information security or IT operations.
• Experience with Microsoft 365 / Azure AD.
• Hands‑on experience with MFA, Conditional Access, SaaS admin.
• Understanding of cloud security risks.
• Experience writing and implementing policies.
• Strong organisational and documentation skills.

• Exposure to ISO 27001 or SOC 2.
• Experience with MDM (Intune, Jamf).
• Knowledge of KSA/UAE data protection.
• Professional services experience.
• Phishing simulation tools experience.

• Bachelor's degree in IT, CS, Cybersecurity.
• Security+, Microsoft Security Administrator, ISO Internal Auditor.

• Ownership mindset.
• High integrity and trustworthiness.
• Attention to detail.
• Strong communication skills.
• Comfortable in a remote environment.
• Process‑oriented mindset.

• Framework fully deployed and maintained.
• Device fleet fully compliant.
• Microsoft 365 hardened.
• SaaS vendor risks monitored.
• Quarterly reviews running.
• Stable and scalable IT/security operations established.