Jobs

IT Security Officer (Telecoms) at IpNX Nigeria Limited

IPNX Nigeria Limited is one of the fastest-growing information and communications technology companies, serving a multitude of needs across enterprises, small businesses, and residents with innovative, world-class services.

We are recruiting to fill the position below:

Job Title: IT Security Officer (Telecoms)

Location: Lagos
Employment Type: Full-time
Travel Frequency: None
Function: IT Governance Officer
Job Grade: Permanent
Reporting to: Head, IS&T

Purpose of the Job

This position is responsible for identifying, evaluating, and reporting on cyber security risks, developing a set of security standards and best practices for the organization, monitoring networks and systems for security breaches and intrusions, leading technical and forensic investigations, managing the Deluxe vulnerability and penetration testing programs, and providing and implementing recommendations for security enhancements to management teams as needed.

Expected Key Results
(Detailed KPIs):
Key Activities

Responsible for oversight of the IPNX Cyber Security systems and processes, overseeing the IT General Controls related to firewalls, system access, data leakage protection, patching, encryption, vulnerability scanning, penetration testing, data protection, Phishing protection, SIEM, and Cyber incident response.
Monitor all operations and infrastructure for Cyber risks and establish monitor alerts and logs
Provide support to ensure security controls are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with organization policies and standards
Deploy security solutions in IPNX private cloud services to customers.
Build and deliver systems to identify potential security incidents and serve as subject matter expert on escalated incidents
Primary Escalation for all Critical/Major incidents following
Incident management processes.
Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes
Create and maintain reporting and documentation for security systems and procedures
Develop and demonstrate subject matter expertise on all security technologies and keep abreast of emerging security support technologies and industry trends
Investigate and resolve security violations by providing post-mortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures
Manage escalated Security Incidents from a people and process perspective.
Analyse security logs and investigate network and server security violations and intrusions.
Vulnerability Management and remediation
Conducts follow-up remediation and tracks findings from previous audits through to closure
Conduct Cybersecurity education and awareness training events for users and management.
Arrange and conduct security assurance reviews and assessments, and present quarterly reports to stakeholders.
Work closely together with technical architects to produce design specifications according to information security policies, while fulfilling business needs.
Conduct regular security audits on role-based access to IPNX systems and data.
Conduct risk assessment of vulnerability reports and impact risks to service
Own the Vulnerability Management end-to-end process and ensure remediation and closure of all exceptions.
Perform application and web-based security vulnerability assessments and penetration tests in accordance with industry-accepted methods, protocols, and tools
Conduct vulnerability analysis and create impact assessments
Develop detailed work plans, schedules, and resource plans for recurring vulnerability and penetration assessments
Collate conclusions and recommendations.
Identify and communicate current and emerging information security threats
Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements.
Security Audit and reporting
Support internal security audits, and liaise with the group risk and internal control teams to provide enterprise cybersecurity risk posture and Cybersecurity resilience reports.
Report audit findings, including corrective action suggestions

Demonstrate (Key competencies):
Educational Qualifications & Functional Skills:

University Degree in Computer Science, Information Technology, Management Information System, or related field
Post Graduate degree (MBA, M.Sc., etc.) an added advantage
In-depth knowledge of Linux, Unix operating systems Kali Linux experience
Experience writing cybersecurity policies, procedures, standards and baselines
Excellent documentation skills.

Work Experience:

5+ years’ experience with the development, deployment, management and automation of security solutions in enterprise (cloud and on-premise) environments
Professional certification: Security certification of one or more of the following: CISSP, CRISC, CCSP,
CISM, CISA, CEH, CCNP security.
High degree of professionalism, work ethic, integrity and passion for Information Technology and Security

Other Requirements:

Customer Focus
Tech-savvy
Action orientation
Drive results
Cultivate Innovation
Ability to optimize work processes
Resilience
Self-Development
Nimble Learning
Ensures Accountability
Practical and deep knowledge of security risk management methodologies and frameworks.
Experience with cloud and SaaS technologies and zero-trust security are highly desirable
Experience with enterprise security platforms and architectural design. Strong preference to candidates with proven (Cloud Computing security experience).
Strong understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as ISO 27001,
NIST Cybersecurity Framework, Payment Card
Industry Data Security Standard (PCI DSS),
Sarbanes-Oxley (SOX).
Understanding of the Software Development Life
Cycle and Development Operations (DevOps) principals.
Deep knowledge and experience with vulnerability management and penetration testing systems;
Familiarity with the latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
Knowledge of network-based, system-level, and application-layer attacks and mitigation methods
Experience extracting pertinent security data from monitoring solutions and audit logs, and reports
Experience in a variety of security technologies and architectures, such as MFA, VPN, DLP, SIEM, privileged access management, network security, data security, cryptography, micro-segmentation, and software-defined networks.