Cyber Security Assurance Officer

Overall Purpose   
The role holder will support the Cyber Security Assurance roles as required by the business.
Responsibilities

Conduct periodic security reviews, vulnerability assessments & penetration tests across all of Company’s systems/infrastructure
Ensure all new and existing systems/products/services comply with Company’s security policies & standards and other industry best practices e.g. ISO27001, PCI, GDPR etc.
Provide timely and quality security assurance reports and advice to the business when required even with very tight deadlines
Do regular follow ups with system custodians/owners to ensure any security risks identified are addressed within the agreed timelines
Define Cyber Security metrics and report periodically on security compliance across all networks/systems
Develop a monthly scorecard for each department based on how well they are performing in terms of Cyber Security compliance
Research on new threats/technologies/vulnerabilities/security design principles etc.

Key performance indicators       
Information Security Compliance

Quality of security advice given based on feedback from users and system custodians/owners
Evidence of follow ups done to close/mitigate any security risks identified within the agreed timelines
80% percentage reduction on number of security incidents and audit issues based on the recommendations provided
80% percentage reduction on number of non-compliant systems

Security assurance

Provide timely and quality security assurance reports and advice to the business when required even with very tight deadlines based on feedback from PMO/system custodians
Evidence of follow ups done to close/mitigate any security risks identified within the agreed timelines
Define metrics and report periodically on security compliance across all projects/networks/systems
Develop a monthly scorecard for each department on how well they are performing in terms of security compliance

Information Security Research

Evidence of regular de-brief sessions/presentations for any new threats/technologies that are identified and how they can be mitigated/implemented in Company.
Where applicable, evidence of a consolidated action plan to address these new threats and follow up to resolution.
Quality of the research material, how (and to whom) it is presented and the follow up tasks arising out of the research.

Company Way

Clear demonstration of the six Company Way behaviors i.e. I make it happen, I am an ambassador, I am upbeat, I find a way, I put my colleagues first and I look after things.

Qualifications

Degree in Information Security/Computer Forensics/Computer Science/Information Technology or other relevant Technical Degree
Information security certifications e.g. CEH/CISSP/CISM/CISA/GIAC/CPTP/OSCP
Advanced Networking certifications: CCNA/CCNP/CCSP/CCIE are also preferred
Certifications in Microsoft Windows and Linux/Unix Operating Systems
Certifications in the use and administration of security tools e.g. Ethical Hacking tools

Skills and Experience

Minimum of 1 years’ working experience in Information Systems Security – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, Pre-and-Post Implementation System Reviews, etc.
Minimum of 1 years’ working experience in Networks and Operating Systems e.g. Cisco, Windows (All), Unix, Linux etc.
Minimum of 1 years’ working experience in programming and various Web application technologies e.g. cPanel, ModSecurity, Apache, Java, PHP, ASP, CMS, Joomla, WordPress etc. will be an added advantage
Working knowledge of Virtualization Technologies e.g. VMware, Microsoft HyperV, etc. will be an added advantage
Working knowledge and experience in DevOps and Microservices technologies i.e. Docker, Kubernetes, Jenkins, Github/Gitlab etc…
Working knowledge of Mobile and GSM technologies e.g. Android, IOS, 2G, 3G, LTE, USSD etc…
Excellent communication skills and team player.
Excellent project management skills and proven task execution (getting things done).
Superior report writing and presentation skills.
Very analytical and logical thinking
Customer focused