Skills:
- Knowledge of Windows, UNIX, and Linux kernel programming.
- Understanding of ISO 27001/27002, ITIL, and COBIT frameworks.
- A grasp of perimeter security controls such as firewalls, IDS/IPS, network access controls, and network segmentation.
- Network security architecture development and definition.
- Experience with the various aspects of wireless security such as routers, switches, and VLAN security.
- Knowledge of security concepts related to DNS, including routing, authentication, VPN, proxy services, and DDOS mitigation technology.
- An understanding of third party auditing and cloud risk assessment methodology.
- Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability.
- Solid understanding of security protocols, cryptography, authentication, authorisation and security.
- Good working knowledge of current IT risks and experience implementing security solutions.
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
- Solid understanding of Fintech and Healthcare domain will be added advantage.
- IT Security or risk management certifications will add weight to the profile.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook
Roles and Responsibilities:
- Gaining a total understanding of the organization’s technology and information systems.
- Planning, researching, and designing reliable, powerful, and flexible security architectures for all IT projects.
- Performing vulnerability testing on the completed infrastructure, including risk analyses and security assessments.
- Researching the latest security standards, new security systems, and updated authentication protocols.
- Defining, creating, implementing, and maintaining all needed corporate security policies and procedures, making sure that all employees abide by them.
- Developing requirements for all IT assets including routers, firewalls, local area networks (LANs), wide-area networks (WANs), virtual private networks (VPNs), and any other related network devices.
- Reviewing and approving the installation of all firewalls, VPN, routers, servers, and IDS scanning technologies.
- Preparing cost estimates for all cybersecurity measures and identifying any potential integration issues.
- Designing critical public infrastructures (PKIs), including digital signatures and certification authorities (CA).
- Testing the organization’s final security structures to make sure they function as planned
- Providing technical guidance and supervision for security teams
- Taking charge of any security awareness programs and educational efforts to better prepare non-IT personnel
- Responding immediately to any security-related incidents (e.g., data breaches, viruses, phishing scams) and providing a complete post-event analysis once there is a resolution.
- Updating and upgrading the organization’s security systems as needed
Other good to have Skills:
- Programming Languages: C, C++, JavaScript, Ruby/Python, SQL, Bash scripting, Powershell Scripting
- DevOps Tools: SonarQube, GitLab, Docker, Kubernetes, Fortify, Veracode, OpenVAS, Contrast Security, Aqua
- Security Assessment Tools: Aircrack-ng, Burp Suite, SQLmap
- Security Frameworks: NIST, SOX, HIPPA
- Operating systems: Linux, Unix, Windows, MacOS