Responsible for identifying cyber security risks and mitigating them through the deployment of technologies, processes and awareness. Responsible for reporting on security breaches and recommending mitigations which should be applied in future.
· Responsible for conducting continuous scanning and security monitoring of all IT cybersecurity domains, i.e. Networks, Firewalls, Anti-virus, Mobile devices, Patch management.
· Responsible for monitoring the governance aspects related to the security with ATNS to ensure the standards are maintained.
· Perform continuous threat and vulnerability management monitoring.
· Responsible for monitoring the policies and procedures related to ICT Security.
· Responsible for analysing and assessing potential security risks and developing plans to deal with such incidents.
· Makes recommendations based on various monitoring outputs to improve security posture of the organisation.
· Participates in integrated security forum
· Ensures that the security architecture meets all the requirements in line with the overall ICT strategy of the organization and cyber security requirements.
· Manages the dependencies between the various areas of the business and ensure that various security components are aligned.
· Develops and Implements organization-wide policies and programmes and ongoing activities to preserve the availability, integrity and confidentiality of the information resources in compliance with
applicable security governance and standards.
· Identifies and Implements suitable tool sets to manage the security environment
· Operates and controls the Information Security Management System (ISMS).
· Implements key Information Security projects.
· Conducts information gathering on internal and external security intelligence for
· To ensure that any threats to the ATNS network, systems and ATNS/HO/HC Job Profile Template August 2018 investigation into security incidents.
· Investigates, responds and actions information security incidents.
· Responsible for writing incident reports and submitting to Senior Management for decision-making purposes.
· Selects, applies, and ensures adherence to good information security practice.
· Ensures internal and external suppliers and partners implement security to the required standard and maintain positive relationship with vendors.
· Ensures that all IT risks are mitigated and addressed.
· Responsible for investigation into incidents related to recovery of deleted files, analysing and interpreting data linked to crime, analysing mobile telephone records and uncovering links between
events, groups and individuals through pursuit of data trails.
· Maintains detailed records of investigations to be used as evidence in internal disciplinary hearings as well as court of law.
· Responsible for compliance of the security policy through effective management of security events.
· Manage and comply with all IT policies, procedures and standards relating to IT security systems.
· Manage configuration and change control records with regards to IT security system activities.
· Develop metrics that allow the enterprise to gauge the success of security system investments.
· Ensure and report on IT DR exercises that are conducted with business on all IT systems as well as make recommendations for continuous improvement in order to ensure business continuity.
· Develop and review current disaster recovery management plan.
· Conduct/ review and sign-off on IT Security audits
Formal Qualifications: Tertiary degree/diploma in IT or Engineering
Certified Information Systems Security Professional (CISSP) Certificate
Years of Experience: Minimum 10 years experience in the IT Environment of which 5 years should be in an Enterprise Security Function with at least 3 years in a Specialist/ Supervisory role