Get a free C.V. review by sending your C.V. to firstname.lastname@example.org or click the following link. Submit C.V.! use the subject heading REVIEW.
IMPORTANT: Read the application instructions keenly, Never pay for a job interview or application.
Click the Links Below to Get Job Updates.
SECURITY OPERATION ASSISTANTS (5 positions)
Reporting to the Systems Security Officer, the job holder will be responsible for monitoring the IT infrastructure and supporting investigation of security breaches and incidence response, and perform security impact analysis in the change process.
Key Tasks and Responsibilities
System & Data Access: Maintain access rules to ICT systems and resources includingapplications and data and ensuring appropriate access control procedures are adhered to meet defined security standards while maintaining supporting documentation, and that access is based on least privilege and need basis, towards maintaining confidentiality and integrity of data.
Systems Security & Change Management: Liaise with the systems analysts, systems design,and systems development teams to provide security design review and approval for new Sacco ICT systems and/or services as well as proposed changes to existing systems and/or services. Further work is to carry out security tests on the systems before deployments.
ICT Disaster Recovery (DR) Planning: Ensure development and maintenance of currentDRPs that ensure systems’ resilience to support ongoing Sacco operations. Further is to ensure ongoing testing of system backups through scheduled or ad hoc restoration exercises involving business systems owners’ signoff and making and recommending relevant adjustments to the plans as may be necessary in order to be within stipulated & expected timelines and thresholds (i.e. RPO, RTO etc.).
Information Security Incident Management: Be involved in the establishment ofmechanisms for information and cyber security incident response management including monitoring, detecting, remediating and fully investigating security breaches to establish and treat the root cause (s) so as to minimize future occurrences as well as perform impact analysis.
Risk Assessment and Audit: Proactively monitor current and emerging information and cybersecurity risks and changes to laws and regulations that may present new business risks, and to detect weaknesses in the design and implementation of controls, carry out vulnerability assessment and penetration testing on Sacco’s ICT systems, report identified weaknesses and follow-up on corrective action and its effectiveness. Further, is to engage and support internal and external auditors in their assignments and subsequently assist in laying effective remedial plans to resolve audit findings touching on information and cyber security matters including
reporting on progress of corrective action. Required to Perform malware analysis and digital forensic investigations.
Information & Cyber Security Awareness and Training: Design, recommend and carry outInformation and Cyber Security awareness and training campaigns for all Sacco stakeholders/constituents towards creating a culture of consciousness about information and cyber security risks and the different ways in which to avoid or mitigate such risks.
Compliance Monitoring: Ensure compliance with the approved policy, best practice, securityrequirements and set minimum baseline standards. Document and research security breaches and assess any damage caused.
Professional Development: Grow and maintain professional development by attendingeducational workshops/seminars/conferences, reviewing professional publications, establishing professional networks and participating in professional societies.
Continuously research on emerging threats and vulnerabilities in information security to gain awareness of the latest information security technologies and developments.
Partners: Assess external partners such as vendors’ andcontractors’procedures, processes andsecurity controls to ensure they adequately protect the organization’s business information and transactions.
Collaboration: Work with user departments to ensure information technology threats areproperly identified, analyzed, communicated, investigated and corrective actions taken.
Bachelor’s degree in Information Technology, Computer Science or any other related field with relevant IT Security professional qualifications i.e. CISSP, CISA/CISM/CEH or other relevant security certifications.
At least 3 years’ experience in Security/Network administration with strong technical knowledge of database, network and operating systems security.
Knowledge of various security methodologies and processes and technical security solutions (firewall and intrusion detection systems).
Knowledge of TCP/IP Protocols, network analysis, and network/security applications. Working knowledge and experience in penetration testing and vulnerability assessments.
Knowledge of common cybersecurity threats and sources of cybersecurity information. Good understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing.
Kindly Note; You will be required to Sign In to your Gmail account to complete the application form.
The closure date for the above applications is on 16th October 2020.