Security Specialist – Protection & Access

Closing Date: 
Monday, January 20, 2020
Location of the Job: 
Gaborone, Botswana
Reference Number: 
ITOPSSS- Pro & Access
Company Letshego Holdings Limited
Reference # ITOPSSS- Pro & Access
Published 13/01/2020
Contract Type Permanent
Salary Market Related
Location Gaborone, South East, Botswana
   
Introduction
The Protection & Access Security Specialist researchs, develops, implements, tests and review the organisation’s information security in order to protect information and prevent unauthorized access. The person in the role protects systems by defining access privileges, control structures, and resources.
   
Job Functions Information Technology,Investigation & Compliance,Safety & Security,Technical
   
Industries Financial Services
   
Specification
1.Protects the company from unauthorised access to information and breaches by analysing vulnerabilities and threats with the view to implement, improve implementation and Administer controls such as Identity and Privilege Access Management and Data-Loss Prevention solutions that enforce the least privilege and need-to-know compartmentalisation;
2.Works closely with the SOC team to ensure integration of controls and with Cybersecurity team to ensure that core control systems are adequately protected. 
3.Plays a pivotal role in security architecture and works closely with applications, E-channels team and developers to ensure that access is authenticated and authorized correctly with the right number of factors while being integrated with directory services.
4.Assist the team in ensuring that we follow best practices with AAA and directory services.
5.Policy, standards and procedures creation and organisational acceptance.
6.Must have programming experience to be able to ensure secure systems development throughout the complete system life cycle.
7.Works with the Infrastructure team to ensure that Backup and DR are based on sound security principals that take business into account.
8.Consults with functional unit management and personnel to identify, define and document business needs and objectives, current operational procedures, problems, input and output requirements, and levels of systems access to ensure proper control of digital assets by creating standards, roles and lists and groups that enforce good security principals;
9.Researches, recommend and review new IT security systems and solutions to ensure the Bank uses modern solutions to address exposure to fast-changing global security risks and make recommendations to IT Management for medium to long term planning;
10.Identifies opportunities for improving business processes through information systems and non-system driver changes; assists in the preparation of proposals to develop new systems or operational changes; 
11.Creates and implementing security-related disaster recovery plans by conducting disaster recovery planning and testing on controls within the scope of the role, in case of a disruption to business operations ensuring that at least the same level of security exists during disasters and their aftermath and where not possible that business is aware of the risk and its potential impact;
12.Continuously make all staff in radar more aware of their responsibility in making the organisation more secure. Attention should be focused primarily on staff whose duties gives them privileged access or whose functions can make or break security and privacy;
13.Documents security systems technically and administratively;
   
Requirements
Qualifications: 

•Bachelor’s Degree in Computer Science or Diploma in Information Systems with five years of Information Security experience in a Security Engineering role
•As many Security Industry related Certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC, any SANS. 
•Programming qualifications in relevant languages with emphasis on secure coding
•Product Specific Qualifications like Cisco Security Certs, CCSA/E, F5-CA/CTS/CSE, Fortinet NSE4-8 but some specifically in Privileged Identity Management, Identity Management and Access Control including MFA and SSO systems. DLP qualification.
•Proof of continuous learning

Background/Experience:
Technical: 
•Understanding and knowledge of control frameworks ISO 27002 and CIS 
•Information Security Engineering Experience
•Information Security Architecting Experience
•Solid Experience in the following a must:
oPrivileged Identity Management and control
oAD, AAA & Access control systems 
oPAM
oMulti-Factor Authentication systems
oSingle Signon 
oSAML & OAuth
oDLP
oBackup systems & DR
•Strong Administrative Experience on mentioned security tools 
•Development experience to work with developers 
•Technical writing including the creation of policies, standards, procedures & guidelines
•IT Security Audit fundamentals
•Sound IT Security systems concepts and principles 
•Complex modelling techniques 

Analytical: 
•Analytical and conceptual expertise
•Identity & Access Management
•Privileged Identity Management 
•DLP
•Forensic analysis
•Planning, documentation, analysis and business requirements management techniques 
•Object-oriented analysis 
•Evaluation of profitability/risk 
•Testing, verification and validation techniques 
•Creation of the Business Requirements Document
•Administrative and reporting abilities 

Business: 
•Knowledge of business processes within the context of Financial Services
•Improvement of business and engineering processes 
•Strategic planning 
•Case development
•Business writing 
Coaching: 
•Confidentiality, ethical behaviour, privacy & integrity
•Policies, procedures, standards and guidelines
•Secure coding practices
•IAM & PAM

Communication: 
•Ability to formulate concepts 
•Communication of technical information to a non-technical audience 
•Communication of business information to a technical audience 
•Negotiation Skills 
•Tactful
Job Closing Date 20/01/2020

Click on the link to apply: https://letshego.jb.skillsmapafrica.com