Reporting to the Senior Manager – Technology Security, the position holder will identify and promote industry-leading practice for Technology Security and security risk management for Safaricom; ensure effective monitoring and operational management of the functional technology risks; implement security policies, standards and procedures; provide technical security expertise and support to project teams to ensure the efficient use of systems and tools; and drive implementation and monitoring of security aspects of Safaricom Technology infrastructure and applications.
Responsibilities:
- Carry out security vulnerability assessments and penetration testing on Safaricom Business Systems, Data and GSM networks;
- Minimize and mitigate risks introduced by existing and new technologies, products and services;
- Advise the technical resources on mitigation and resolution;
- Implement Information Security Policies, Standards, Procedures & Minimum Baseline Standards (aka Checklist/Guideline);
- Provide input to defining compliance and monitoring metrics for Technology Security;
- Liaise with Internal & External Auditors in the implementation of System Security audits to ensure that system audit scope will add value to the risk management process. Ensure that Internal & External Auditors do not put Safaricom at risk when conducting system audits;
- Assist Information Custodians with the resolution of system audit findings;
- Provide a report detailing resolutions and get sign-offs from the system custodians;
- Develop, maintain, and troubleshoot various system security systems including (but not limited to) Content filters, Antivirus, Logging Solutions, Network and Host IDS/IPS;
- Ensure that all new content threats are addressed and protect the environment from intrusions/hacks;
- Update the security technologies by installation of new signatures and patches;
- Information Security Research – ensure regular updates for all new threats to all technologies implemented in Safaricom (this
- Design and advise on Security implementations for all new systems within the technical division;
- Participate in all technical projects and provide Security requirements in line with information security policies and Standard requirements.
- Build a security in-depth network and ensure the Firewalls, IPS/IDSs, Network authentication technologies are designed in line with Security best practices.
Requirements:
- Formal 4-year Information Technology Degree from an acknowledged university;
- Minimum of 3 years' System Security experience – in Penetration testing and Vulnerability assessments, IDS/Firewalls/VPN administration, Content filters, Security Scan tools, Network and Systems Administration;
- At least one professional Information Security Qualification: CCSP/CISSP/CISM/CISA;
- Advanced Networking Competencies: CCNA/CCNP;
- Advanced understanding of the implementation of ISO27000, PCI DSS & COBIT;
- Experience in the use of vulnerability assessment tools;
- Experience in Microsoft & Unix Operating Systems;
- Advanced understanding of information security technologies such as Firewalls, Host and Network-based Intrusion Detection Systems, Antivirus, web & content filtering solutions, Network Access Control etc.
- Applications: C, C++, ASP, Visual Basic, Java, PHP, Microsoft SQL – Advanced;
- Operating Systems: Windows Operating Systems (All), Linux (SuSE, Fedora/RedHat), HP Unix, Solaris and IBM AIX – Advanced;
- Databases: Relational Database Management Systems (RDBMS) – Oracle, MS SQL, MySQL, Pervasive SQL.
Please note, interviews for this position will take place at our Careers in Africa Recruitment Summit in London, 16 – 18 May 2014. Relevant candidates will be contacted and invited to attend the event.