JOB TITLE: IT SECURITY SPECIALIST (1 Position)
REPORTS TO: MANAGER IT SECURITY
DEPARTMENT: TECHNOLOGY AND ENTERPRISE SOLUTIONS
JOB GRADE: D1
We are looking for a passionate and experienced IT Security Specialist to join our team. This person will be responsible for implementing, monitoring, and maintaining our security systems in order to prevent unauthorized access to our data and respond to privacy breaches.
Duties and Responsibilities include:
- Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and toolsets used (e.g. static code analysis)
- Train and educate developers and teams in secure coding techniques including the use of supporting toolsets and enable them to self-service
- Conduct continuous vulnerability assessments on the Fund’s systems, including but not limited to source code libraries and runtime environments.
- Conduct compliance assessments by understanding business objectives, structure, policies and procedures, and internal and external regulatory controls.
- Identify and implement security requirements when developing applications, including when the development is outsourced.
- Document systems, processes, and controls using narratives, flow charts, data flow diagrams, etc.
- Implement identity management and access control strategies, policies, procedures, standards, and guidelines.
- Collaborate with control owners to implement process changes and track to completion
- Act on privacy breaches and malware threats
- Understand and communicate the downstream impact of control deficiencies on the business.
- Monitor and investigate security breaches and other cybersecurity incidents.
- Stay up to date on information technology trends and security standards.
- Implement the IT security strategy
- A Bachelor’s degree in Cybersecurity, Computer Science, software engineering, Information Technology, or related field
- Professional qualifications in Security (CEH, C-WAST, DLP, SIEM), or related certifications.
- Minimum of 3 years of hands-on programming experience using relevant languages
- Minimum of 3 years’ experience in IT/Information Security responsibilities in a fast-paced environment
- Any security configuration and/or automation experience is highly desirable
- Strong understanding of cryptography and SSL certificate lifecycle management
- Working knowledge of and experience with web and application security would be an added advantage.
- Foundational experience and a reasonable understanding of the network stack (OSI model, TCP/IP), network ports and protocols, traffic flow, defence-in-depth, and common security elements.
- Understanding of network security (incl. Network and Host IDS/IPS, WAF, DAM, SIEM, Antimalware, DLP, URL filtering, others)
- Sound understanding and exposure to Application Penetration Testing
- Practical understanding of code analysis, security testing knowledge/techniques (SAST and DAST)
- Understanding of OWASP top ten web application security risks
- Practical understanding of SDLC
- Ability to learn on the job and a positive attitude towards learning and development.
- Motivated personality and ability to work in self-organized teams
- Ability to break down complex security issues to non-technical stakeholders.
- Strong analytical and problem-solving skills, plus the ability to think outside the box to anticipate possible threats
- Understanding of Cloud technologies and the associated risks
Interested individuals should click https://forms.office.com/r/bQ9BtbyUsB to fill out the application form and also send copies of their application letter, curriculum vitae and academic qualifications, addressed to the Chief of People and Culture to email@example.com by Friday 26th August 2022.
Women are encouraged to apply. Please note that canvassing or lobbying will lead to automatic disqualification of the candidate.