PURPOSE:
The purpose of this role is to provide continuous independent assurance on the Organization's Information Security with regard to confidentiality, integrity, availability and non-repudiation within the IT infrastructure, processing systems and related resources in line with the Information Security Policy and supporting procedures. This will entail understanding the business processes, and defending information and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
PRIMARY RESPONSIBILITIES:
Provide input on the establishment and implementation of, and adherence to, policies and standards that guide and support the terms of the information security strategy.
Take the lead in information systems security configuration, performance optimization and penetration testing.
Develop IS security plans and design Information Security controls and testing plans.
Managing the information security incident management program to ensure the prevention, detection, containment, and correction of security breaches.
Deploying AI-driven technology mobilization to proactively manage cyber and enterprise risks.
Ensure Information systems are patched and updated on a timely basis.
Maintain and optimize subsidiary IT infrastructure.
Manage and optimize DR site and related systems security settings.
Review all relevant system logs to identify and address activity that is not consistent with set out Information Security guidelines and standards.
Ensure that the Organization's processes and procedures are performed in compliance with the Organization's information security policies and standards.
Ensure that information security is an integral part of the systems development processes and acquisition processes.
Ensure that information security is maintained throughout the organization's processes (e.g., change control) and life cycle activities.
Ensure the performance of contractually agreed information security controls (e.g., outsourced providers, business partners, customers, third parties).
Proactively anticipate potential threats and vulnerabilities and provide guidance on effective control measures.
Working with the risk function to oversee and conduct risk management activities (risk assessment, gap analysis, business impact analysis, etc.) to help the Organization reach its acceptable level of risk tolerance. Advising and making recommendations regarding appropriate physical and technical security controls.
Advise on the design, development, and implementation of Information disaster recovery procedures to minimize loss of data and/or systems.
Coordinating with vendors, auditors, executive management, and user departments to enhance information security.
Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization.
PERSON SPECIFICATIONS
Academic Qualifications
BSc in any computer related studies.
Professional Qualifications
CISM/CISA/CISSP
CCNA
CompTIA Security+
Certified Ethical Hacker
Experience:
Over 3 years' experience in Information systems Security administration.
Skills
Excellent interpersonal and communication skills.
Strong understanding of network protocols and server architecture.
Proficiency in security tools and software.
Ability to respond promptly to security threats.
Knowledge of current security trends and threats.
Highly technical in network technologies (WAN, LAN, VoIP, wireless and VPN).
Highly technical in virtualization and SAN.
Highly technical in Microsoft server roles: domain controller, DNS, AD, ADFS, DHCP, and Azure.
Highly technical in Linux.
Highly technical in Microsoft Exchange and Office 365.
Highly technical in IS security systems: firewall (Check Point), IDS, IPS, SIEM, PAM, SOC, SOA, and antivirus.
Technical in database and application connectivity protocols.
Highly technical in backup solutions and concepts.