Job Description
Reports To: General Manager – Risk and Compliance
Job Summary: The main purpose of the job is to align IT risk to business strategies and objectives and offer continuous support to ensure functionality in a secure environment.
Key Responsibilities
Identification of key risks within the business and risk mitigation through implementation of relevant processes and procedures.
Provision of detailed reports to management on key systems around incidents, breaches and usage.
Participate in gathering, design, development and deployment of system requirement within the Business, and provide advice on security best practice and controls.
Monitor, contain and report any incidences.
Work closely with the IT team on incidence response and resolutions.
Periodic collection and compilation of metrics and measurements to report on progress and success of the InfoSec program.
Participant within the Incident response team (IRT) from a technology solution perspective.
Technical review and updating of existing policies and Procedures.
Enterprise security review of infrastructure.
Penetration testing and vulnerability assessments.
Conduct process reviews to ascertain the effectiveness of system deployments.
User management reviews using Identity and Access Management system or manual process
Penetration Testing and Vulnerability management and reporting
Guidance and training to staff in all areas of the Business.
Detailed reporting on Cyber incidences
Data analytics
Any other changes that arise.
Qualifications
Bachelor’s degree in computer science or related field
Industry certifications in security (Security+, CISM, CISA, CISSP, CCE, etc.)
Technology specific security technology certifications (CCSA, CCNA/CCNP Security, AESA, GCFA, ENCE, MCSE, MCSA etc.)
Experience
At least 5 years’ work experience in Information and Communication Technology
2 years’ work experience in the fields of IT Risk, Information Security with an interest in forensics.
Competencies
Technical Competencies
Proven practical experience and understanding of Information Security principals.Knowledge &experience with various network protocols (TCP/IP), log correlation, vulnerabilities & network management tools and penetration testing tools.
Experience with:
Active Directory and NTFS
OS (Windows Server; Windows 7/8/10, Linux)
Firewalls, IDS, IPS and other Security solutions
Malware detection & prevention techniques
Encryption technologies – whole disk, e-mail, data at rest, in motion
Web-layer security including securing of APIs
Working knowledge of security techniques
Good understanding of event monitoring – common events formatting in Syslog, Windows event viewer, etc.
Knowledge on Identity and Access Management including secure practices on user provisioning and roles management.
Cyber response skills
Technical writing skills
Behavioural Competencies
Excellent communication skills.
High standards of integrity and professionalism
Analytical skills
Problem solving skills
