Purpose of Role
As Information Security Analyst, the role holder will be responsible for the cyber security and risk management program on ICT on-premises and Cloud assets. The Information Security Analyst will primarily be responsible for the design, implementation, management, and operations of security controls and systems to protect the confidentiality, integrity, and availability of information assets and improving cyber-maturity. The role holder will also lead risk assessments, develop, improve, and implement security policies, procedures and standards aligned to best practices. The role holder will develop the Infosec roadmap in consultation with the Head of ICT Infrastructure, design technical infosec controls and own the vulnerability management program. The information security analyst will work collaboratively and effectively with other departments as well as 3rd party vendors to achieve security objectives.
Duties and Responsibilities
Support development, implementation and maintenance of information security policies, standards and processes to prevent, detect, analyze, and respond to information security incidents.
Lead and contribute to the development, operations and maintenance of the information security incident management process, awareness training and campaigns, vulnerabilities management and penetration testing.
Support risk-based implementation of security controls for the protection of information systems, networks, and applications.
Support BAU IT security operations including Security Incident & Event Management SIEM processes, vulnerability assessments, and threat and incident management to mitigate risks.
Proactively research and develop technical solutions/security tools to help mitigate security vulnerabilities and automate repeatable tasks.
Collaborate with business applications, Infrastructure, digital & data innovation, and ICT service delivery ICT units to ensure systems, applications and networks are secure by design.
Assist internal and external stakeholders, including auditors, when required, with information security questionnaires, audits, reviews, investigations, etc.
Lead security audits and data protection Initiatives, conduct vulnerability assessments and penetration testing, manage remediation efforts, and track the closure of deficiencies.
Review logs and alerts generated from information security assets in ICT and collaborate in remediation.
Create customized training programs for experienced IT professionals as well as staff that will help them demonstrate their ability to lawfully assess security of systems and discover
Develop and present reports regularly and other responsibilities relevant to the role.
Qualifications & Experience
Degree in Information technology, Information Security, or a related qualification
Minimum 3+ years working in information security or technical IT e.g., systems administrator role.
Preferably certified in all or part of the following - ISACA CISM, CISSP, CCSP, CEH, CISA, CCNP (Security)
Have experience working in the industry in a technical security related role e.g., Penetration Tester, SOC Analyst, Security Engineer, or systems administrator.
Knowledge and Competencies
Have a strong technical understanding of networking, computing, and cyber security.
Experience working with distributed IT infrastructure, networking, and application environments.
Strong personal, organizational, and self-management skills.
Strong communication skills, in English.