Systems Security Officer
Published | October 31, 2024 |
Expires | November 21, 2024 |
Location | Nairobi, Nairobi County, Kenya |
Category | ICT and Technology |
Job Type | Full-time |
Description
Skyline Sacco Society Ltd is seeking a skilled Systems Security Officer to bolster our team. Join a vibrant and inclusive organization dedicated to upholding the highest standards of data integrity and system security.
Primary Responsibilities:
The Systems Security Officer is accountable for safeguarding information assets, preventing unauthorized access and attacks on IT systems, actively monitoring systems for security threats ('events'), and conducting thorough analysis and reporting on identified threats and intrusion attempts.
Their responses are adjusted based on the severity of the issues, encompassing resolution or necessary escalation as deemed appropriate.
Key Responsibilities:
- Active monitoring and analysis of the Sacco networks for malicious activity through Security Incident and Event Management (SIEM) reporting.
- Carry out internal and external penetration tests on the Sacco’s platforms.
- Compliance Assurance:
- Conduct routine security assessments and risk analyses.
- Cultivate a culture of heightened security awareness within the organization.
- Deploy endpoint detection and prevention tools to thwart malicious hacks.
- Develop and maintain an incident response plan.
- Educate staff on security best practices by carrying out awareness campaigns on cyber security matters.
- Engage in 'ethical hacking', for example, simulating security breaches.
- Ensure compliance with regulatory standards and best practices.
- Follow-up on detected security issues and implement solutions to reduce security risks.
- Generate reports for both technical and non-technical staff and stakeholders.
- Identify IT security weaknesses and implement solutions.
- Implement measures, such as firewalls and encryption, to address potential weaknesses.
- Implement and manage robust security protocols.
- Implement vulnerability management systems across all assets on-premises and in the cloud.
- Lead investigations and manage responses during security incidents.
- Liaise with stakeholders in relation to IT security issues and provide future recommendations.
- Monitor access to all bank systems and maintain access control profiles on computer networks and systems.
- Monitor adherence to data protection laws and internal policies.
- Monitor for attacks, intrusions, and unusual, unauthorized, or illegal activity.
- Monitor identity and access management, including monitoring for abuse of permissions by authorized system users.
- Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
- Perform regular audits to ensure security practices are compliant.
- Produce accurate, interactive, digestible information security reports with associated mapping and dashboards.
- Perform Duties of data protection Officer as guided by the law
Requirements:
- Bachelor’s Degree in Information Technology, Computer Science, or a related field, along with professional certifications (SANS, CISSP, CISA, CISM, CCNA/P, Security+), offering added value.
- Three years of hands-on experience in IT security demonstrating practical expertise in the field.
- Demonstrated proficiency in systems security management, requiring a minimum of three years' experience in system security and administration.
- Proficiency in cybersecurity tools, methodologies, and technologies such as SIEM, intrusion detection/prevention systems, network security managers, firewalls, and endpoint logging.
- Technical prowess across database, network, and operating system security, along with familiarity in TCP/IP Protocols, network analysis, and security applications, is pivotal.
- Excellent communication, problem-solving, and decision-making skills, coupled with innovation, creativity, and adeptness in project management, are highly sought-after attributes.
- Self-motivation and the ability to work autonomously are greatly valued traits in potential candidates.
- Strong IT skills and knowledge including hardware, software, and networks.
- Meticulous attention to detail.
- Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems.
- A forensic approach to challenges.
- A deep understanding of how hackers work and ability to keep up with the fast pace of change in the criminal cyber-underworld.
- Ability to seek out vulnerabilities in IT infrastructure.
Application Procedure
Interested and qualified candidates are invited to submit application letter and curriculum vitae indicating current and expected remuneration package to careers@skillsglobal.co.ke