IT Information Security Analyst at a Telecommunication and Financial Service Industries - GVA Partners

GVA Partners - Our clients in the telecommunication and financial service industries is recruiting to fill the position of:

Job Title: IT Information Security Analyst
Job Ref NO: GVA/ISA 01

Location: Nigeria

Job Description:

• The Information Security Analyst reports to the Head of Information Risk Management and is responsible for the design, implementation and maintenance of effective systems security solutions.
• S/he will also investigate and resolve identified systems security breaches, create comprehensive maintenance of information security policies, standards, guidelines and procedures and monitor for compliance in line with the organization’s IT security policy and applicable laws.
• The successful candidate in collaboration with the Information Technology Services (ITS) Systems Support team, will also monitor, assess, and fine-tune the IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk audit reviews.
• This is a senior opening which provides an opportunity to work with a team of talented technical skills in transforming a leading Emerging Markets Operations in the Financial Services sector, positioning it for growth and leadership within its region, by actively working to achieve the enterprise security goals of the establishment.

Experience & Qualification:
The successful candidate will be expected to have aptitudes, skills, knowledge and experience on the following areas:

• Extensive experience in enterprise security architecture design and enterprise security document creation.
• Solid knowledge of information security principles and practices.
• Working experience with intrusion detection systems
• Installation, configuration, monitoring and response to security system
• Understanding of advanced security protocols and standards
• Experience with IP networking, networking protocols, IPSec, VPN’s, firewalls, proxy services, DNS, email, accesslists.
• Experience with internet, web, application and network security techniques.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Experience in designing and delivering employee security awareness training.
• Highly self motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.
• Experience with software and security architectures
• Proactively assesses potential items of risk and opportunities of vulnerability in the network
• Experience with security practices of Intranet and Extranet
• Support day-to-day administration of various firewalls
• Knowledge management
• Entrepreneurially minded
• A good bachelor’s degree in Science, Electronic Engineering or any related discipline.(B.Sc degree in Computer Science, Engineering discipline, Mathematics or Physics will be a distinct advantage)
• Experience within the Financial Services sector will be a distinct advantage
• Experience in managing/working with senior stakeholders will be a distinct advantage

Job Function :

• Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls are appropriate and operating as intended.
• Coordinate response to information security incidents.
• Conduct data classification assessment and security audits and manage remediation plans.
• Collaborate with IT management, the legal department, and other stakeholders to manage security vulnerabilities.
• Participate in projects from outset, ensuring Information Security principles are built into the design and implementation from the outset
• Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
• Create, manage and maintain user security awareness.
• Conduct security research in keeping abreast of latest security issues.
• Pro-actively take steps to avoid security breaches
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Prepare IT security documentation, including information security policies, procedures, standards and guidelines based on compliance requirements and knowledge of best practices.

Strategy & Planning:
The Information Security Analyst will:

• Lead the planning and design activities for the enterprise security architecture, under the directives of the Head, Information Risk Management.
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) in collaboration with other team heads in the Information Risk Management unit.
• Provide leadership and work guidance to members of the Information Security team.

Problem Solving:
The post holder will be expected to work actively to achieve enterprise security goals within a set of resource constraints. S/he will need to:

• Have the ability to think logically and analyse complex situations for effective, sometimes out of the box solutions.
• Work with all stakeholders to develop strategic solution options and delivery plans

Communicating With Others:

• The Information Security analyst will be expected to have excellent communication skills and experience in working with sponsors and other members of the business. The following points illustrate this:
• Communication and visibility of all critical issues and their status and service restore plans
• Define team member roles and expectations, and ensure timely feedback
• Communicate the technology vision and service improvement plans to internal and external stakeholders

Operational Management:
The operational scope of the post holder is underscored by the following functions

• Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
• Provide technical support in the development, testing and operation of firewalls, intrusion-detection systems, enterprise anti-virus and other automation as required.
• Ensure the confidentiality, integrity and availability of the data residing on or transmitted through the organization’s workstations, servers , systems through databases and other data repositories.
• Ensure active compliance with information security requirements
• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, (i.e., security tool, workstations, servers, network devices, etc.).
• Maintain operational configurations of all in-place security solutions as per the established baselines.
• Review logs and reports of all systems and devices
• Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
• Provide on-call support for end users for all in-place security solutions.

People Management & Development:

• The post holder will need good people skills including
• Build and maintain relationships with the overall team and stakeholders.
• Coach, mentor, appraise and develop team members

Requirements:

• 5 or more years experience in network, host, data, application, O/S systems enterprise environment as an IT Security Analyst, Information Assurance Analyst or Information Engineer
• 3 or more years experience in leading technical teams
• Technical knowledge of configuring and maintaining at least one leading corporate firewall solution
• Cisco certification (CCNA, CCNP) would be a distinct advantage
• Desired Technical Knowledge: UNIX, AIX, Linux, Cisco Network IDS, Cisco Host-based IDS, DES encryption, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, mySQL, subversion, SpamAssassin, Nmap, Nikto, Nessus, Paros

Application Closing Date
5th September, 2014

Method of Application:
Candidates who meet the above requirement should email their resume to: [email protected] & [email protected] PLEASE, STATE THE POSITION YOU ARE APPLYING FOR IN THE SUBJECT FIELD OF THE MAIL.