Description:
- Review the IT Security Corporate Information policy, which forms the IT Security foundations for the organisation as well as create and review other security policies and procedures as required from time-to-time, to remain compliant with IT security standards specifically ISO27001 and other IT Security best practices in all IT environments and systems
- Monitor, control and follow-up on anti-malware, patch management, software updates, encryption, other end-point devices particularly mobile devices and usage of unlicensed software alerts
- Coordinate and provide IT Security Awareness programs;
- Investigate and follow-up on IT Security incidents
- Work and liaise on technical IT Security projects both on the IT Infrastructure and IT Systems areas
- Provide guidance toward addressing security findings from IT Security reviews and penetration testing, identify technical vulnerabilities and define remediation measures with the goal to create, review and update IT security related operational procedures
- Report IT Security findings by providing monthly and quarterly reports whilst following-up on detected results;
- Keep abreast with IT Security practices and technological advances in this field
- Plan and implement comprehensive security strategies.
Requirements:
- Have an IT/Engineering degree and a minimum of 5-years of working experience in the IT sphere (of which 2-years' in the IT Security field) and 2 years leadership/management experience
- Excellent knowledge of IT Infrastructure and Systems field, ideally in the financial services sector
- Qualifications on the IT Security area and/or is in the process of obtaining an IT Security related certification such as CEH, CISM, CISSP or similar is an advantage
- Ideally posses vendor certifications such as CCNA/CCNP and MCSE
- Excellent understanding of security components such as firewalls, URL filter, end-point protection amongst others
- Have knowledge of security standards (such as PCI-DSS, ISO27001)
- Have practical knowledge of Microsoft Active Directory, SCCM, Microsoft SQL server & IIS, Microsoft Server & desktop environments and Cloud based solutions & security (MS Azure environments - particularly Microsoft O365 environments with a focus on the Security and Compliance centre)
- Practical know-how to conduct internal penetration testing and report on the relevant findings;
- Have experience with virtualisation and scripting languages (particularly Windows PowerShell)
- Practical knowledge of monitoring, alerting, audit and logging systems;
- Possess strong analytical skills and excellent verbal and written communication skills
- Strong command of the English language
- have willingness to mentor, guide and support colleagues; and be a great team-player
- A desire to keep on learning and is up-to-date with the latest security threats and measures.