About the position
Hardware Procurement & Asset Management:
Source and procure IT hardware (computers, laptops, peripherals, networking equipment, UPS devices) from reputable suppliers at competitive market prices.
Obtain and evaluate a minimum of two written quotations for all capital hardware acquisitions; present recommendations with a cost-benefit motivation.
Maintain an up-to-date IT asset register covering all hardware across Head Office and branches, including serial numbers, warranty status, and assigned user.
Coordinate hardware replacements, upgrades, and disposals in accordance with the Company's asset management and CAPEX budgeting processes.
Liaise with the Finance department regarding asset capitalisation, depreciation classifications, and budget alignment.
Source new IT equipment proactively — identify reputable suppliers, benchmark pricing, evaluate specifications against business requirements, and present recommendations to management before purchase; build and maintain relationships with preferred hardware suppliers to ensure competitive pricing and reliable lead times.
Connectivity & Network Management:
Act as the first internal point of escalation for fibre line outages and connectivity degradation at Head Office and, remotely, at branch locations.
Log and manage fault tickets with the relevant ISP or network service provider; follow up proactively to ensure timely restoration of services.
Monitor network performance and identify recurring issues; escalate to external providers with documented evidence where SLA breaches occur.
Maintain basic network documentation, including IP addressing, router/switch configurations, and VLAN layout.
Assist branches in troubleshooting connectivity issues remotely via appropriate remote access tools.
Administer and maintain network switches, routers, and related infrastructure, including firmware updates, port configuration, and fault diagnosis; ensure all network hardware is under warranty or a supported maintenance agreement.
Manage and maintain on-premise servers, including routine health checks, patch management, backup verification, storage monitoring, and capacity planning; coordinate with external providers for hardware support and escalate critical failures without delay.
Cloud Platform & Microsoft 365 Administration:
Administer the Company's Microsoft 365 tenant, including Exchange Online, SharePoint, Teams, OneDrive, and related services; manage licence assignments, service health, and configuration in line with security best practice.
Manage Microsoft Entra ID (Azure AD) — including user and group administration, conditional access policies, app registrations and secret key renewals, MFA enrolment, and sign-in log monitoring for suspicious activity.
Oversee Microsoft 365 licence management in conjunction with the Company's CSP partner — aligning licences to active users, processing additions and removals promptly, and ensuring spend is optimised against actual usage.
Manage the Company's cloud backup solution (N-Able Cove 365) — maintain the protected user list, verify monthly backup reports, onboard new users promptly, and remove leavers to avoid unnecessary cost.
Monitor and act on Microsoft 365 Secure Score recommendations; produce a monthly progress report for management and track remediation of outstanding items over time.
External IT Service Provider Management:
Serve as the primary internal liaison for all third-party IT vendors, managed service providers, and software support partners.
Review and evaluate service provider proposals and contracts; escalate material terms to management for approval.
Manage SLA adherence and maintain a vendor performance log; raise concerns formally where performance is substandard.
Coordinate and schedule external provider engagements (on-site visits, remote sessions, maintenance windows) to minimise business disruption.
Assess the scope, cost, and value of new vendor offerings relative to existing internal capabilities before recommending adoption.
Maintain a complete register of all IT-related subscriptions and software licences; monitor renewal dates and costs, obtain management approval ahead of renewals, and cancel or renegotiate subscriptions that no longer deliver demonstrable value.
Coordinate with the Marketing function on a scheduled basis to update and deploy standardised.
Company email signatures across all staff via CodeTwo; ensure signature templates reflect current branding, contact details, and any required legal or marketing content.
Own and govern the email signature management process end-to-end: maintain a master signature template library, ensure all new employees are provisioned with the correct signature upon onboarding, trigger updates whenever branding, titles, or contact details change, and conduct a quarterly audit to confirm consistency across all staff and departments.
End-User Support & Helpdesk:
Provide first- and second-line technical support to all client’s staff across departments and branches.
Resolve hardware and software incidents efficiently, either remotely or in person, with appropriate logging and follow-up.
Set up and configure new user workstations, laptops, email accounts, and application access in line with role requirements.
Add new employees to all relevant shared folders, SharePoint sites, distribution groups, and email distribution lists in accordance with their role and department; maintain a role-based access matrix to ensure provisioning is consistent and auditable across all systems.
Train staff on basic system use, cybersecurity practices, and any new tools or platforms adopted by the Company.
Own and maintain a formal IT onboarding and offboarding checklist; ensure every new joiner is fully provisioned on day one (device, accounts, folders, distribution groups, application access, email signature) and that every leaver is fully deprovisioned on their last working day without exception — documenting all actions taken for audit purposes.
Execute a structured user offboarding process when staff leave — including immediate session revocation, licence removal, access blocking, mailbox forwarding, and removal from backup services — ensuring no steps are missed and all actions are logged.
Administer BitLocker encryption across all Company devices — maintain a secure record of recovery keys, provision keys to authorised users when required, and ensure all new devices are encrypted prior to deployment.
Printer & Peripheral Management:
Ensure all networked and standalone printers across Head Office and branches are maintained in a fully operational condition.
Manage consumable stock (toner, drums, maintenance kits) and coordinate procurement before stock-out occurs.
Arrange and oversee printer servicing and repair through authorised service agents; assess repair vs. replace where applicable.
Configure printer drivers and network printing settings for new and existing users.
IT Policy Development & Compliance:
Develop, maintain, and review IT policies and procedures, including but not limited to: Acceptable Use Policy, Data and Device Security Policy, Password Policy, and AI Usage Policy.
Ensure all IT policies are aligned with applicable legislation and best practice frameworks.
Monitor staff compliance with IT policies; report material non-compliance to the Finance & HR Manager.
Maintain and update the Company's IT disaster recovery and business continuity documentation.
Cybersecurity Awareness & Risk Management:
Drive a culture of cybersecurity awareness across the organisation through regular communications, training, and simulated awareness exercises.
Identify and communicate emerging cybersecurity threats relevant to the Company's industry and technology environment.
Implement and maintain baseline security controls, including endpoint protection, email filtering, software patching, and access control.
Report cybersecurity incidents promptly; manage initial containment and coordinate with external specialists where required.
Conduct periodic reviews of system access, user permissions, and software licensing to identify and remediate risk.
Maintain and monitor email authentication records (DMARC, DKIM, and SPF), ensuring policies are correctly configured, aggregate reports are reviewed regularly, and any domain spoofing or deliverability issues are identified and resolved promptly.
Utilise the RMM platform (N-Central) to monitor device health, manage agents, deploy patches and scripts, and respond to automated alerts across all endpoints; ensure the monitoring estate is current and agents are installed on all active devices.
Maintain and enforce endpoint protection across all devices using Microsoft Defender and the Company's AV solution — ensure definitions and engines are current, investigate AV alerts promptly, and remediate compromised or non-compliant endpoints without delay.
Respond to phishing attempts, impersonation incidents, and account compromise alerts — conduct message trace investigations, review sign-in logs, block malicious activity, and coordinate with the external provider's SOC team where escalation is warranted; communicate findings and remediation actions to management clearly and promptly.
Track and remediate end-of-life and obsolete software across the device estate — maintain visibility of EOL operating systems, applications, and runtimes, and drive timely upgrades to eliminate security exposure.
Minimum Requirements:
Minimum Requirements (Qualifications & Experience)
Education and Work Experience:
National Diploma or Bachelor's Degree in Information Technology, Computer Science, or a related field.
CompTIA A+, Network+, or Microsoft 365 certification will be advantageous.
ITIL Foundation certification advantageous.
Minimum 3 to 6 years' proven experience in an internal IT support or IT officer role.
Demonstrated experience managing end-user hardware, network connectivity, and peripheral devices.
Hands-on experience liaising with third-party IT vendors and ISPs.
Experience developing or implementing IT policies will be advantageous.
Exposure to a multi-site or multi-branch environment (on-site or remote support) is preferred.
Technical Competencies:
Proficiency in Microsoft 365 administration (Exchange Online, SharePoint, Teams, Intune or equivalent MDM) and Microsoft Entra ID (Azure AD), including app registrations, conditional access, and MFA management.
Working knowledge of Windows Server environments,
