Go back

Cybersecurity Manager

Apliko Tani

Reports To

Head of Security / Chief Information Security Officer

The Cybersecurity Manager is responsible for leading and managing the organization’s cybersecurity program. This role oversees cybersecurity operations, incident response, risk management, governance, compliance, security controls, audits, reporting, and continuous improvement. The Cybersecurity Manager ensures that cybersecurity activities are aligned with business objectives, regulatory requirements, internal policies, and international standards.

Key Responsibilities

  1. Cybersecurity Strategy & Leadership
  • Develop, maintain, and implement the cybersecurity strategy and roadmap
  • Lead cybersecurity initiatives in line with business needs and risk priorities
  • Manage and guide cybersecurity team members and related technical resources
  • Define cybersecurity objectives, priorities, KPIs, and improvement plans
  • Provide cybersecurity advice and recommendations to senior management
  1. Security Operations Management
  • Oversee security monitoring, threat detection, incident response, and security operations
  • Ensure effective operation of SIEM, EDR/XDR, firewalls, IDS/IPS, vulnerability management, and other security tools
  • Review and evaluate security alerts, incidents, reports, and trends
  • Ensure incidents are properly classified, escalated, documented, and resolved
  • Supervise daily cybersecurity operational activities
  1. Incident Response & Crisis Management
  • Own and maintain the cybersecurity incident response process
  • Coordinate major cybersecurity incident response activities
  • Ensure proper communication with management, internal teams, legal, compliance, and other stakeholders
  • Lead post-incident reviews and ensure corrective actions are implemented
  • Maintain incident response documentation, playbooks, and escalation procedures
  1. Risk & Vulnerability Management
  • Manage the cybersecurity risk assessment process
  • Maintain and review the cybersecurity risk register
  • Prioritize vulnerabilities and remediation actions based on business risk
  • Ensure timely follow-up on risk mitigation actions
  • Review exceptions, accepted risks, and risk treatment plans
  • Report cybersecurity risks and remediation status to management
  1. Governance, Compliance & Audit
  • Ensure cybersecurity alignment with applicable standards and frameworks, including:
    • ISO/IEC 27001
    • NIST SP 800-53
    • CIS Critical Security Controls
    • Internal security policies
    • Regulatory and contractual requirements
  • Coordinate internal and external cybersecurity audits
  • Ensure audit evidence, corrective actions, and compliance documentation are maintained
  • Support ISMS implementation, monitoring, and continuous improvement
  • Track audit findings and ensure remediation within agreed deadlines
  1. Security Policies, Standards & Procedures
  • Develop, review, and maintain cybersecurity policies, standards, procedures, and guidelines
  • Ensure security requirements are integrated into IT, network, application, infrastructure, and business processes
  • Promote secure configuration, patch management, change management, access control, and data protection practices
  • Ensure cybersecurity documentation remains accurate and up to date
  1. Identity & Access Governance
  • Oversee identity and access management controls
  • Ensure implementation of least privilege, role-based access control, and segregation of duties
  • Coordinate privileged access management and periodic access reviews
  • Monitor excessive privileges, unauthorized access, and access control violations
  • Ensure user access processes comply with internal policies and audit requirements
  1. Security Awareness & Culture
  • Manage the cybersecurity awareness program
  • Plan and coordinate awareness campaigns, phishing simulations, and user training
  • Promote a strong cybersecurity culture across the organization
  • Ensure employees understand their security responsibilities
  1. Vendor & Third-Party Security
  • Assess cybersecurity risks related to vendors, suppliers, contractors, and third parties
  • Ensure security requirements are included in procurement, contracts, and third-party agreements
  • Review third-party access, external connections, integrations, and service provider risks
  • Coordinate remediation of third-party security findings
  1. Reporting & Continuous Improvement
  • Prepare regular cybersecurity reports for management
  • Report on incidents, vulnerabilities, risks, audit findings, KPIs, and remediation progress
  • Recommend improvements to cybersecurity tools, processes, controls, and staffing
  • Monitor emerging threats, technologies, and regulatory developments
  • Ensure continuous improvement of the cybersecurity program

Qualifications

Education

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field
  • Master’s degree is an advantage

Experience

  • 3–5+ years of experience in cybersecurity, IT security, information security, or related fields
  • 2–3+ years of experience in a leadership, coordination, or management role is preferred
  • Experience in telecom, financial services, critical infrastructure is an advantage

Technical & Management Skills

  • Strong understanding of cybersecurity operations, governance, risk, and compliance
  • Experience with SIEM, EDR/XDR, firewalls, IDS/IPS, vulnerability management, IAM, VPN, and network security technologies
  • Good understanding of Windows, Linux, network infrastructure, cloud security, and enterprise IT environments
  • Ability to manage incidents, audits, projects, risks, and cross-functional security activities
  • Strong reporting, planning, communication, decision-making, and leadership skills

Certifications Preferred

  • CISSP
  • CISM
  • CISA
  • CEH
  • CompTIA Security+
  • Fortinet NSE certifications
  • Cisco security-related certifications
  • ISO/IEC 27001

 

Core Competencies

  • Leadership and team management
  • Strategic and risk-based thinking
  • Incident and crisis management
  • Governance, audit, and compliance management
  • Strong communication with technical and non-technical stakeholders
  • Decision-making under pressure
  • Analytical and problem-solving skills
  • Confidentiality, integrity, and professional judgment
  • Ability to prioritize and manage multiple activities

Working Conditions

  • May require availability during major cybersecurity incidents
  • May require work outside regular business hours for critical incidents, audits, or emergency response
  • Requires coordination with Network/IT Infrastructure, Legal, HR, Compliance, Internal Audit, Procurement, and business departments

Benefits

  • Competitive salary aligned with the local labor market
  • Training and professional development programs
  • Employee Wellbeing Program
  • Health insurance coverage
  • Team-building activities and recognition programs
  • Flexible working hours + early Friday finish
  • Extensive mobile benefits (minutes, SMS, data, roaming, loan amounts)
  • Free IPKO internet, DTV & telephony services

 

Work Location

Prishtinë — IPKO Industrial Zone

 

Application Deadline

 26 May 2026

Apliko online

Working place:
Prishtinë

The deadline for application
26/05/2026