Senior ICT Security Analyst

Share and send to your friends !

Job Purpose

Operate and maintain NHIMA’s technical securitysystems. The role requires the implementation and operation of security controlsacross NHIMA’s ICT infrastructure landscape.Enforces security policies and procedures by administering and monitoringsecurity profiles review security violation reports and investigate possiblesecurity exceptions, updates, and maintains and documents security controls.

Key Responsibilities

 

 

 

 

 

Security Administration

• Investigates identified security breaches in accordance with established procedures and recommends any required actions.

• Assists users in defining their access rights and privileges and administers logical access controls and security systems.

• Maintains security records and documentation.

Business Risk Management

• Carries out risk assessment within a defined functional or technical area of business.

• Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.

• Refers to domain experts for guidance on specialized areas of risk, such as architecture and the environment. Co-ordinates the development of countermeasures and contingency plans.

Information Security

• Conducts security risk and vulnerability assessments for defined business applications or IT installations in defined areas, and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls (e.g. the key controls defined in ISO27001).

• Performs risk and vulnerability assessments, and business impact analysis for medium-size information systems.

• Investigates suspected attacks and manages security incidents.

Data management

• Takes responsibility for the accessibility, retrievability and security of specific subsets of information.

• Provides advice on the transformation of information from one format/medium to another, where appropriate.

• Maintains and implements information handling procedures.

• Enables the availability, integrity and searchability of information through the application of formal data structures and protection measures.

• Manipulates specific data from information services, to satisfy local or specific information needs.

Service level management

• Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information.

• Analyses service records against agreed service levels regularly to identify actions required to maintain or improve levels of service, and initiates or reports these actions

Configuration management

• Manages configuration items (CIs) and related information.

• Applies and maintains tools, techniques and processes for identification, classification and control of CIs and ensuring related information is complete, current and accurate.

Change management

• Assesses, analyses, develops, documents and implements changes based on requests for change.

Continuity management

• Provides input to the service continuity planning process and implements resulting plans.

Conformance review

• Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services.

• Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.

Testing

• Defines test conditions for given requirements.

• Designs test cases and creates test scripts and supporting data, working to the    specifications provided.

• Interprets, executes and records test cases in accordance with project test plans.

• Analyses and reports test activities and results. Identifies and reports issues and risks.

 

 

Technical Capabilities

• Ability to assess, manage and communicate information security concepts and practices with technology and business constituents.

• Strong competency in security policy development, auditing and compliance procedures.

• Strong working knowledge of multiple security specific product solutions (such as network vulnerability scanners, application vulnerability scanners, password auditing tools, data encryption solutions, web site filtering tools, ant-virus systems, firewalls, NIPS, HIPS, identity management solutions, data forensics tools, and SIEM solutions)

• Strong working knowledge of network models and related protocols and services; network architecture concepts as applicable to defense in depth principles.

• Knowledge in Unix, Windows, Linux, networking and IP intranet/internet security environments including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.

• Must have knowledge and stay current on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities. Possesses knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, ICT architecture, Monitoring, Incident Response and Security Strategy

 

 

 

Knowledge, Skills, Qualifications and Experience

 

Bachelor’s degree in Computer Science, Information technology or Computer Engineering or equivalent.

Competencies required for this Role

 

 

Qualification

• Bachelor’s degree in Computer Science, Information technology or          Computer Engineering or equivalent

Professional Certifications

• Certified Information System Security Professional (CISSP) or Certified    Information Systems Auditor (CISA) or Certified Ethical Hacker (CEH)      or CompTIA Security + or Certified Information Security Manager       (CISM) or CompTIA Cybersecurity Analyst (CySA+) or Certified       Information Security Officer (S-CISO) or Cisco CCNA Cyber Ops

Job-Related Experience 

• 5+ Years work experience in ICT Security

• Member of Information and Communications Technology Association of Zambia (ICTAZ)

To apply for this job please visit careers.nhima.co.zm .

Never Miss a Job Update Again. Click Here to Subscribe Company: Zamtel Location: Zambia State: Lusaka Job type: Full-Time Job category: IT/Telecom Jobs in Zambia Title: Application Developer Closing Date:…
Closing Date: 26th February, 2021 Overall Purpose Applications Developer is responsible for Coding of all internal Application. The individual will work with Systems Architect and users to design software and…
Job Details Title: Application Developer Closing Date: 26th February, 2021 OVERALL PURPOSE Applications Developer is responsible for Coding of all internal Application. The individual will work with Systems Architect and…
Business Intelligence Analyst D – IRC198259 at Zambia, Lusaka, Zambia in FNB Zambia Business Intelligence Ends 07 May 2021 purpose The design, development and maintenance of the knowledge and information management and business intelligence…
Full Time Lusaka, Zambia Posted 3 hours ago Title: Application Developer Closing Date: 26th February, 2021 OVERALL PURPOSE Applications Developer is responsible for Coding of all internal Application. The individual…
NetOne Information Technology Limited is zambia’s leading enterprise technology services provider and seeks to find a qualified and experienced L3 Support Engineer. Qualifications and Requirements Excellent technical knowledge on Windows…