Professional Qualification and Certifications:
- Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Certification in risk, information systems and/or security desired (CISM, CISSP, CRISC, Cyber Security courses, Ethical Hacking)
Work Experience:
- Minimum 3-5 years of experience in IT security, Identity and Access Management (IAM), DLP, Cloud Security and Governance.
Knowledge and skills:
- Knowledge of IT infrastructure, especially networks, servers, desktops and DLP
- Proven experience as a Cyber Security Engineer with a focus on Symantec DLP solutions.
- In-depth knowledge of Symantec DLP architecture, components, and capabilities.
- Strong understanding of data classification, encryption, and data loss prevention techniques.
- Hands-on experience in designing, configuring, and managing DLP policies and rules.
- Familiarity with regulatory requirements
- Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues.
- Effective communication skills, with the ability to convey technical concepts to non-technical stakeholders.
- Knowledge of Third-party Risk management. Conducting Risk assessment and Cloud assurance.
- Experience in security management, security and network architecture and/or design
- Experience in implementing and maintaining IT security processes
- Experience in creating and reviewing IT security policies for compliance
- Skills and knowledge in data privacy and best practices such as defence in depth, least privilege, need-to-know, separation of duties, access controls and encryption
Key Processes Supported: This role supports the following critical Head Office processes:
- Interpret cyber security and corporate risk, and governance frameworks
- Develop applicable policies and standards
- Monitoring and reporting
- Ensuring policy compliance
- Perform daily, weekly, monthly system health checks for VPN, F/W and Proxy
- Implement approved configuration/rule changes for VPN, F/W and Proxy
- Ensure application/system security and availability through load balancing and optimisation (F5)
- Run ad hoc reports for VPN, F/W and Proxy
- Respond to P1, P2 and P3 Events and Alerts
- Fine Tune Use Cases with SOC and OPS
- Work with SOC to analyse threat intelligence and technical analysis
- Conduct Cyber Incident Exercises to test preparedness
- Set and implement user access controls and identity and access management systems
- Monitor network and application performance to identify any irregular activity
- Perform regular audits to ensure security practices are compliant
- Deploy endpoint detection and prevention tools to thwart malicious hacks
- Set up patch management systems to update applications automatically
- Implement comprehensive vulnerability management systems across all assets on-premises and in the cloud
- Document network, system, and application user access control procedures and feed back to management to update policies and processes when vulnerabilities are uncovered
- Central point for all IT systems access requests for services or information
- Validate legitimacy of requests; ensure proper approvals and execute per the access policies, regulations and procedures
- Develop and maintain user access application inventory
- Distribute access control reports to support periodic reviews
- Provide required Management Information Reports
- Work with business stakeholders and participate in company projects to ensure that onboarding of new applications is managed in alignment with data governance policies.
- Develop and implement regular access control process improvements
- Heightened awareness of Cyber Security.
- Share Vulnerabilities/Threats discovered and Mitigation Strategies with the user community
- Inform stakeholders about inappropriate use of IT systems/Services
- Perform vulnerability testing, risk analyses and security assessments
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Update and upgrade security systems as needed
- Define, implement and maintain corporate security policies and procedures
- Plan, research and design robust Security Architectures and Strategies for IT and OT projects
- Act as an SME for Cyber Security related issues
- Conduct technical risk assessment to capture security exceptions and design associated controls