Summary

In conjunction with the Team Lead, Information Security, the job holder shall be responsible for designing and enforcing policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. S/he will be responsible for identifying vulnerabilities and working with our IT department to resolve them, ensuring that our network and data remain secure. The Information Security Officer is responsible for the overall goal of information confidentiality, integrity, and availability.

Responsibilities

• Plan and conduct proactive monitoring, analysis, assessment and reporting on the system and network security events and compliance status.
• Plan and conduct regular vulnerability assessment scans of IT Infrastructure across the firm.
• Administration of User Access to applications in line with Access Control Security policies as well as driving compliance to other Information Security Policies.
• Regular review and development of Information Security Policies & Standards.
• Coordinate the periodic measurement, analysis, and reporting of Information Security Key Risk Indicators
• Support the development and implementation of awareness programs and campaigns to promote information security consciousness and compliance
• Documenting of any security breaches and assessing their damage.
• Educating staff members about security software and best practices regarding information security management.
• Support the coordination and implementation of all information security projects
• Monitoring network usage to ensure compliance with security policies.
• Provides continuous assurance to the business on the effectiveness and adequacy of system, process, and technology controls.
• Assess existing and new systems processes for adequacy of control measures and make recommendations for improvements through the provision of adequate support during project implementation, upgrades, and general improvements.
• Ensure control effectiveness and adequacy for the day-to-day running of business systems, ensure that changes within the organization are controlled to meet the business requirements of the organization.
• Ensure segregation of duties in all business systems and IT infrastructure by enforcing maker-checker controls for greater accountability processes and application controls.

Requirements

• Bachelor's degree in Computer Science/Engineering or other numerate/quantitative disciplines
• Professional qualifications such as CISA, CEH, CISSP, or other ​ recognized Information Security Certifications would be an added advantage

• ​ 3 – 5 years of experience in a similar role ​

• Good understanding of basic information security principles
• Proficiency with IT Security tools such as SIEM, DAM, NGFW, FIM, Vulnerability Scanner
• Security Monitoring (e.g., Security Operations Centre) experience would be an advantage
• Demonstrate a strong working knowledge of IT Infrastructure such as Operating Systems, Network Devices, Databases, etc.
• Experience with User Access Management
• Experience with Vulnerability & Incident Management
• Working knowledge of the requirements of Information Security standards/frameworks – ISO27001, PCI-DSS, NIST, OWASP, CIS, etc. Prior experience of involvement in the implementation of these standards would be an added advantage.