Purpose of the Job

• This position is responsible for identifying, evaluating, and reporting on cyber security risks, developing a set of security standards and best practices for the organization, monitoring networks and systems for security breaches and intrusions, leading technical and forensic investigations, managing the Deluxe vulnerability and penetration testing programs, and providing and implementing recommendations for security enhancements to management teams as needed.

Expected Key Results (Detailed KPIs)

Key Activities

• Responsible for oversight of the IPNX Cyber Security systems and processes, overseeing the IT General Controls related to firewalls, system access, data leakage protection, patching, encryption, vulnerability scanning, penetration testing, data protection, Phishing protection, SIEM and Cyber incident response.
• Monitor all operations and infrastructure for Cyber risks and establishmonitor alerts and logs
• Provide support to ensure security controls are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards
• Deploy security solutions in IPNX private cloud services to customers.
• Build and deliver systems to identify potential security incidents and serve as subject matter expert on escalated incidents
• Primary Escalation for all Critical/Major incidents following Incident management processes.
• Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes
• Create and maintain reporting and documentation for security systems and procedures
• Develop and demonstrate subject matter expertise on all security technologies and keep abreast of emerging security support technologies and industry trends
• Investigate and resolve security violations by providing post-mortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures
• Manage escalated Security Incidents from a people and process perspective.
• Analyse security logs and investigate network and server security violations and intrusions.

Vulnerability Management and remediation:

• Own the Vulnerability Management end to end process and ensure remediation and closure of all exceptions.
• Perform application and web-based security vulnerability assessments and penetration tests in accordance with industry accepted methods, protocols, and tools
• Conduct vulnerability analysis and create impact assessments
• Develop detailed work plans, schedules, resource plans for recurring vulnerability and penetration assessments
• Collate conclusions and recommendations.
• Identify and communicate current and emerging information security threats
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements.

Security Audit and reporting:

• Support internal security audits, liaise with the group risk and internal control teams to provide enterprise cybersecurity risk posture and Cybersecurity resilience reports.
• Report audit findings, including corrective action suggestions
• Conducts follow up remediation and track findings from previous audits through to closure
• Conduct Cybersecurity education and awareness training events for users and management.
• Arrange and conduct security assurance reviews and assessment, present quarterly reports to stakeholders.
• Work closely together with technical architects to produce design specifications according to information security policies, while fulfilling business needs.
• Conduct regular security audits on role-based access to IPNX systems and data.
• Conduct risk assessment of vulnerability reports and impact risks to service

Educational Qualifications & Functional Skills

• University Degree in Computer Science, Information Technology, Management Information System, or related field
• Post Graduate degree (MBA, M.Sc., etc.) an added advantage
• In-depth knowledge of Linux, Unix operating systems Kali Linux experience
• Experience writing cybersecurity policies, procedures, standards and baselines
• Excellent documentation skills.

Work Experience:

• 5+ years’ experience with the development, deployment, management and automation of security solutions in an enterprise (cloud and on-premise) environments
• Professional certification: Security certification of one or more of the following: CISSP, CRISC, CCSP, CISM, CISA, CEH, CCNP security.
• High degree of professionalism, work ethic, integrity and passion for Information Technology and Security

Other Requirements:

• Customer Focus
• Tech savvy
• Action orientation
• Drive results
• Cultivate Innovation
• Ability to optimize work processes
• Resilience
• Self-Development
• Nimble Learning
• Ensures Accountability
• Practical and deep knowledge of security risk management methodologies and frameworks.
• Experience with cloud and SaaS technologies and zero-trust security are highly desirable
• Deep knowledge and experience with vulnerability management and penetration testing systems;
• Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
• Knowledge of network based, system level, and application layer attacks and mitigation methods
• Experience extracting pertinent security data from monitoring solutions and audit logs, and reports
• Experience in variety of security technologies and architectures, such as MFA, VPN, DLP, SIEM, privileged access management, network security, data security, cryptography, micro segmentation, software-defined networks.
• Experience with enterprise security platforms and architectural design. Strong preference to candidates with proven (Cloud Computing security experience).
• Strong understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as ISO 27001, NIST Cybersecurity Framework, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX).
• Understanding of the Software Development Life Cycle and Development Operations (DevOps) principals.

Dimensions
Financial Dimensions:

• Budget: Not Required
•  PO Approval: Not Required

Other Dimensions:

• No. of vendors: Engagement of 3rd parties when it is absolutely necessary
• No. of direct reports: None for now

Impact of position:

• Impact on customers (Please select one of the options below):

Type of customers:

• Mainly Internal Mainly External Internal & External

Approvals:

• Reporting Manager Functional Head HR