JOB OBJECTIVE
The objective of the job is to be the expert on information security, taking lead responsibility for the IT technical aspects of security, the awareness program for end-users' information security behaviors, and performing the Lead Auditor role in internal and external information security and IS quality audits.
MAIN ACCOUNTABILITIES:
- Implement cybersecurity measures, including cybersecurity analysis activities, covering 3-6 sites
- Monitor and report on KPI including cybersecurity components of all IST projects
- Provide enterprise security advice to all users on information security risks, issues, processes, tools, and behaviors. Communicate this information in ways clearly understood by non-technical people
- Develop and organize the delivery of awareness initiatives through a variety of channels using innovative methods to grab Information Users’ attention and achieve behavioral change
- Participate in company and industry security forums where required
- Assist with Departmental Audits. Contribute to defining scope, planning, preparing reports of findings and recommendations, and monitor the close-out of actions
- Participate in the investigation of information security incidents, organizing the activities of the IS department, HQ support teams, and external organizations as required. Ensure that incidents are managed, controlled, and resolved. Assist with root cause analysis and lessons learned to identify further actions which can reduce the likelihood or impact of recurrence
- Assist with the management of the IS Work Program management process. Monitor and report on Department project processes and assist with the deployment and awareness of the project management methodology
- Assist with the management of the IS Disaster Recovery Plan and regular test exercises in line with Company BCP
- Ensure that the Company security architecture is embedded in all IS projects and activities by early engagement with project managers
- Assist with information security risk assessments using applicable Company standards and industry best practices to identify risks to the Company. Assist with the development of action plans to remediate any identified issues
- Monitor recurrent IS processes with an information security impact, raising issues as appropriate
- Regularly review administration accounts to ensure that they are deleted when no longer required or their level of permission is restricted to what is strictly necessary
- Ensure that information security actions are completed in a timely manner according to priority by issuing monthly reports and conducting regular reviews
- Assist with the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies, company rules, directives, guidelines, and applicable laws and regulations
- Ensure proactive and close coordination with the industrial cybersecurity team to develop common strategies
- Manage and track monthly Athena scan results and P0/P1 vulnerability alerts
- Coordinate vulnerability reports from Company IS teams
- Distribute vulnerabilities to relevant service owners and maintain tracking spreadsheets and follow up on mitigation plans
- Manage incoming ARGOS incident tickets and liaise with the information user and, where required, the relevant IS teams to investigate or remediate
- Follow up on any security or audit actions tracked within the Security and Audit Action Tracker. Track security action remediation and report on progress
- Re-validate user access with business owners every 6 months and make appropriate corrections where identified
- Assist with periodic review of IT administrator accounts
- Conduct periodic validation of administrator accounts with the relevant team managers to identify ongoing needs or anomalies
- Assist with service account reviews annually and act on any non-compliance
- Assist with annual Cybersecurity ER and DRP exercises
- Assist with Cybersecurity Compliance Reviews and assessments
- Assist with security validation of new equipment (server and network) before implementation
- Assist with maintenance of Reporting dashboards of Cybersecurity aspects monthly
KEY REQUIREMENTS
- Bachelor’s in Computer Science or Engineering with 5 years of professional experience in IT security
- Working knowledge of information security standards, processes, and technologies with a broad technical IT knowledge
- Experience in Active Directory and administration
- A self-driven approach to keeping skills and knowledge up to date using a variety of methods including training, research of public and specialist sources, attending conferences/seminars, and building personal contacts
- Ability to understand, explain, and present complex technical ideas to both technical and non-technical audiences at all levels of management
- Must be process-driven and detail-oriented
- Awareness of Microsoft Windows security systems and permissions
- Working knowledge of networking principles and concepts
- Microsoft Power BI knowledge is an added advantage
*Only applicants meeting the strict criteria outlined above will be contacted as part of the shortlisting process