The African Reinsurance Corporation (Africa Re) is the leading African reinsurance company with headquarters in Lagos (Nigeria). Africa Re has six regional offices: Casablanca (Morocco), Abidjan (Côte d’Ivoire), Nairobi (Kenya), Lagos (Nigeria), Cairo (Egypt) and Ebene (Mauritius). The Corporation equally has two subsidiaries: African Reinsurance Corporation South Africa Ltd in Johannesburg (South Africa), Africa Retakaful in Cairo (Egypt) and one Local Office in Addis Ababa (Ethiopia).
Africa Re has a broad-based shareholding comprising 41 African member States, the African Development Bank (AfDB), 114 African insurance and reinsurance companies and three non-regional shareholders, including leading global insurers and reinsurers. The Financial Strength and Credit Rating of Africa Re is A by A.M. Best and A – by Standard & Poor’s.
Responsibilities
- The successful candidate shall report to the Head of Infrastructure Services in the Information & Communications Technology (ICT) Department at the Head Office.
Duties / Job Details
- Analyze, investigate, respond, and recover from/to cybersecurity incidents, events and threats as per the incident response lifecycle.
- Work with professional cybersecurity consultants to manage and maintain all the security controls deployed on the Corporation's network: Network Firewalls, Switches and Routers, Network Access Control (NAC), Security Information and Event Management (SIEM), etc.
- Work alongside senior engineers and subject matter experts (SME) to evaluate and select assessment tools and other cybersecurity technologies to enhance the existing security solutions.
- Understand the Corporation’s IT/security infrastructure and business requirements as well as mitigate security concerns and IT risks as needed.
- Maintain ongoing learning and continually stay abreast of relevant industry updates and changes via conferences, training, and events given the rapidly evolving cyber threats landscape.
- Monitor and regularly perform security technology reviews and security risk assessments. Serve as a risk advocate and collaborate with the enterprise risk and compliance management department.
- Recommend security solutions to mitigate risk and improve the security posture of the Corporation and the internal environments.
- Continually improve security posture and provide hands-on cybersecurity support to address IT security issues as needed.
- Work closely with other members of the ICT team to implement policies and technology to secure information, computer, network and processing systems.
- Manage and configure tools to monitor activity on the network. Analyze the reports from those tools to identify unusual behavior on the network (detection of cyber threats) and then implement safeguard measures to protect the enterprise network.
- Apply security patches to protect the network and proactively identifies network vulnerabilities through penetration testing, vulnerability scans and generated assessment reports.
- Perform network penetration tests, organize network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers and other network hosts.
- Leverage existing integrated platform for users’ security awareness training combined with simulated phishing attacks to regularly educate all workforce involved in using and managing IT assets.
Minimum Qualifications and Experience
Applicants must meet the following requirements:
- Holders of Bachelor's Degree in Cybersecurity or Bachelor's Degree in Computer Science, Computer Engineering or related field with a concentration or majors in cybersecurity.
- The candidate must have 1-2 years of relevant cybersecurity work experience in enterprise cybersecurity. Experience can be in any discipline of cybersecurity, with a preference for incident response.
- Relevant cybersecurity work experience with knowledge or product expertise in either security testing; security integration and governance; malware analysis; cloud security or risk and compliance.
- Able to contribute to the development of security standards, access controls and compliance requirements based on industry standards and compliance with one or more of the following is preferable: ISO27001, NIST Cybersecurity Framework.
- Applicants that possess knowledge of data security and personal data privacy protection standards, including classification, encryption, Data Loss Prevention (DLP), privacy laws, and regulations, have an advantage.
- Applicants with functional understanding of secure network architecture and the capability to construct, manage, and report metrics that assess the efficacy of security mechanisms will have a competitive edge.
- Candidates must possess any of the following cybersecurity professional certifications: CompTIA's Security+, CompTIA Cybersecurity Analyst, CompTIA Advanced Security Practitioner, CompTIA Security Analytics Expert, Certified Ethical Hacker (CEH) Certification, Offensive Security Certified Professional (OSCP), Certified Security Testing Associate (CSTA), Computer Hacking Forensic Investigator (CHFI), GIAC Penetration Tester (GPEN) or similar industry recognized certifications within the last 2-3 years.
Main Competencies:
- Advanced understanding of cybersecurity principles, methods, and technologies, with a detail-oriented, customer-focused approach.
- Ability to build strong stakeholder relationships for effective cybersecurity measures and excellent presentation skills for non-technical audiences.
- Monitoring systems, implementing security policies, analyzing incidents, and collaborating with IT teams to resolve issues.
- Conducting security audits, tracking incident response metrics, and performing regular risk assessments.
- Flexibility to adapt to changing threats, proficiency in cybersecurity tools, and integrity in handling sensitive information.
- Comprehensive knowledge of current cybersecurity threats, ability to work independently or collaboratively, and proficiency in Microsoft Office and integrated cybersecurity software.
Additional Requirements:
Applicants must be:
- Solution-oriented with an aptitude for solving problems and taking initiative.
- Team player with strong collaboration skills.
- Hands-on engineer, highly motivated with a willingness to learn new technologies.
- Able to communicate effectively (written and oral) in English Language.
- Working knowledge of French Language will be an added advantage.