Job Description

Purpose of the job:
To maintain safe and secure functioning of company’s information system, network, implementation, and oversight of an information security programme.
 
Key Performance Area:
 
Safe functioning of company network security infrastructure:
Implementation and maintenance of company network security infrastructure.
Perform vulnerability assessment, risk analysis, system security planning and security infrastructure assessment and evaluation.
Monitors the internal control systems using appropriate tools to ensure access control levels are maintained.
Installing, configuring, and maintaining CISCO switches, routers and wireless devices.
Installing, configuring, and managing firewalls.
Monitoring and maintaining the attacks and exploit mechanisms, intrusion detection technology, data loss prevention product.
 
Information security plans, policies, procedures, and risk management:
Implement and monitor compliance and provide continuous review to security policies and procedures
Identify risks and provide mitigation plan
Implement the recommendations of the IT Security Committee
Provide advice on current security information and technologies related to regulatory issues
Implement information security awareness programmes
 
Secure computers and server's environment:
Check existing accounts and data access permission request against documented authorizations
Implement internal vulnerability assessment of IT Systems
Monitor antivirus systems on all company computers and servers
 
IT continuity disaster recovery plan:
Coordination of the disaster recovery site
Develop and implement information security disaster recovery test plans
Coordinate, maintain and backup emergency kit
Coordinate the testing of the IT continuity and disaster recovery plan
 
Administer the information security incidents:
Ensure that all the reported information security incidents follow appropriate channels for correction
Attend to any information security violation
Perform security audits on the network, interpret and analyse network traffic and related log files and prepare incident reports
 
Knowledge:
Knowledge of application and infrastructure security solutions (Firewall, Intrusion Detection/Prevention Systems, Network Security, IP protocols, Password Management, Data Encryption and Access Control)
Knowledge and understanding in IT continuity and disaster recovery
Knowledge of security issues, techniques, and implications across all existing computer platforms
Knowledge and experience in vulnerability assessments and penetration testing
Understanding of Security Fundamentals (encrypt, PKI)
Knowledge and understanding of Public Service Regulations
Knowledge and understanding of MISS and MIOS
Knowledge of security policies and standards

Skills Required