IT Security Lead

📋 Description

• • As the IT Security Lead at Ruby Labs Ltd., you will be instrumental in architecting, implementing, and managing our corporate Identity and Access Management (IAM) and operations security infrastructure from its foundational stages. This pivotal role is designed for a visionary leader who can drive a high level of automation within our IAM processes, creating an environment that is both seamlessly secure and highly efficient for our workforce. You will leverage cutting-edge technologies to ensure that robust security safeguards are in place without impeding productivity, thereby fostering a culture of security excellence across the organization.
• • Your primary responsibility will be to design and build a comprehensive operations security infrastructure and IAM system from the ground up. This involves developing, implementing, and rigorously maintaining security policies, strategies, and protocols to protect our valuable intellectual property and prevent any form of unauthorized access. You will be responsible for deploying and managing a suite of security tools and solutions, with a strategic preference for open-source technologies where they offer the best balance of functionality, cost-effectiveness, and community support.
• • A key aspect of this role involves establishing and enforcing organization-wide device security compliance. You will utilize Mobile Device Management (MDM) software in conjunction with other products to ensure consistent protection standards across all endpoints, whether they are company-owned or Bring Your Own Device (BYOD). Furthermore, you will define and implement stringent remote work security standards and best practices, covering both company-issued and personal devices used for work purposes.
• • In the realm of Identity and Access Management, you will design and implement a sophisticated access structure leveraging a robust identity provider. This includes meticulously managing user provisioning and deprovisioning workflows across all company tools and services, ensuring that access is granted and revoked efficiently and securely. A significant focus will be placed on automating the entire access lifecycle management, encompassing both onboarding and offboarding processes to minimize manual intervention and reduce the risk of human error. You will maintain strict control and audit access permissions, rigorously adhering to the principle of least privilege to ensure that users only have the necessary access to perform their duties.
• • You will also be responsible for implementing and maintaining identity federation technologies, enabling seamless and secure access across multiple platforms and applications. This includes setting up Single Sign-On (SSO), SAML, and OpenID Connect (OIDC) protocols to enhance user experience while strengthening security posture.
• • Your expertise will extend to Google Workspace administration, with a sharp focus on security configurations and compliance. You will configure critical security policies within Google Workspace, such as Context-Aware Access, LDAP integration, SCIM for automated provisioning, and other advanced controls to harden the environment.
• • Establishing IT security operations (SecOps) best practices and standard operating procedures will be a core function. You will conduct regular security assessments and vulnerability management activities to proactively identify and address potential weaknesses. Defining key security metrics and Key Performance Indicators (KPIs) will be crucial for measuring and reporting on the organization's security posture. You will provide regular, clear, and actionable security posture reports to leadership, advising them on security risks, compliance requirements, and effective remediation strategies.
• • Developing and maintaining comprehensive security documentation, including detailed runbooks and policies, is essential for operational consistency and knowledge transfer. You will be tasked with streamlining security-related processes to enhance both efficiency and effectiveness. Furthermore, you will create and maintain robust disaster recovery and business continuity plans to ensure resilience in the face of unforeseen events. Driving security awareness and training initiatives across the entire organization will be vital in fostering a security-conscious culture.
• • This role offers a unique opportunity to build and shape the security foundation of a growing tech company, directly impacting its ability to innovate and operate securely in a dynamic digital landscape. You will be a key player in ensuring Ruby Labs maintains its competitive edge through robust and agile security practices.