IT Security Officer (Telecoms) at IpNX Nigeria Limited


IPNX Nigeria Limited is one of the fastest-growing information and communications technology companies, serving a multitude of needs across enterprises, small businesses, and residents with innovative, world-class services.

We are recruiting to fill the position below:

 

 



Job Title: IT Security Officer (Telecoms)

Location: Lagos
Employment Type: Full-time
Travel Frequency: None
Function: IT Governance Officer
Job Grade: Permanent
Reporting to: Head, IS&T

Purpose of the Job

  • This position is responsible for identifying, evaluating, and reporting on cyber security risks, developing a set of security standards and best practices for the organization, monitoring networks and systems for security breaches and intrusions, leading technical and forensic investigations, managing the Deluxe vulnerability and penetration testing programs, and providing and implementing recommendations for security enhancements to management teams as needed.

Expected Key Results
(Detailed KPIs):
Key Activities

  • Responsible for oversight of the IPNX Cyber Security systems and processes, overseeing the IT General Controls related to firewalls, system access, data leakage protection, patching, encryption, vulnerability scanning, penetration testing, data protection, Phishing protection, SIEM, and Cyber incident response.
  • Monitor all operations and infrastructure for Cyber risks and establish monitor alerts and logs
  • Provide support to ensure security controls are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with organization policies and standards
  • Deploy security solutions in IPNX private cloud services to customers.
  • Build and deliver systems to identify potential security incidents and serve as subject matter expert on escalated incidents
  • Primary Escalation for all Critical/Major incidents following
  • Incident management processes.
  • Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes
  • Create and maintain reporting and documentation for security systems and procedures
  • Develop and demonstrate subject matter expertise on all security technologies and keep abreast of emerging security support technologies and industry trends
  • Investigate and resolve security violations by providing post-mortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures
  • Manage escalated Security Incidents from a people and process perspective.
  • Analyse security logs and investigate network and server security violations and intrusions.
  • Vulnerability Management and remediation
  • Conducts follow-up remediation and tracks findings from previous audits through to closure
  • Conduct Cybersecurity education and awareness training events for users and management.
  • Arrange and conduct security assurance reviews and assessments, and present quarterly reports to stakeholders.
  • Work closely together with technical architects to produce design specifications according to information security policies, while fulfilling business needs.
  • Conduct regular security audits on role-based access to IPNX systems and data.
  • Conduct risk assessment of vulnerability reports and impact risks to service
  • Own the Vulnerability Management end-to-end process and ensure remediation and closure of all exceptions.
  • Perform application and web-based security vulnerability assessments and penetration tests in accordance with industry-accepted methods, protocols, and tools
  • Conduct vulnerability analysis and create impact assessments
  • Develop detailed work plans, schedules, and resource plans for recurring vulnerability and penetration assessments
  • Collate conclusions and recommendations.
  • Identify and communicate current and emerging information security threats
  • Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements.
  • Security Audit and reporting
  • Support internal security audits, and liaise with the group risk and internal control teams to provide enterprise cybersecurity risk posture and Cybersecurity resilience reports.
  • Report audit findings, including corrective action suggestions

Demonstrate (Key competencies):
Educational Qualifications & Functional Skills:

  • University Degree in Computer Science, Information Technology, Management Information System, or related field
  • Post Graduate degree (MBA, M.Sc., etc.) an added advantage
  • In-depth knowledge of Linux, Unix operating systems Kali Linux experience
  • Experience writing cybersecurity policies, procedures, standards and baselines
  • Excellent documentation skills.

Work Experience:

  • 5+ years’ experience with the development, deployment, management and automation of security solutions in enterprise (cloud and on-premise) environments
  • Professional certification: Security certification of one or more of the following: CISSP, CRISC, CCSP,
  • CISM, CISA, CEH, CCNP security.
  • High degree of professionalism, work ethic, integrity and passion for Information Technology and Security

Other Requirements:

  • Customer Focus
  • Tech-savvy
  • Action orientation
  • Drive results
  • Cultivate Innovation
  • Ability to optimize work processes
  • Resilience
  • Self-Development
  • Nimble Learning
  • Ensures Accountability
  • Practical and deep knowledge of security risk management methodologies and frameworks.
  • Experience with cloud and SaaS technologies and zero-trust security are highly desirable
  • Experience with enterprise security platforms and architectural design. Strong preference to candidates with proven (Cloud Computing security experience).
  • Strong understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as ISO 27001,
  • NIST Cybersecurity Framework, Payment Card
  • Industry Data Security Standard (PCI DSS),
  • Sarbanes-Oxley (SOX).
  • Understanding of the Software Development Life
  • Cycle and Development Operations (DevOps) principals.
  • Deep knowledge and experience with vulnerability management and penetration testing systems;
  • Familiarity with the latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
  • Knowledge of network-based, system-level, and application-layer attacks and mitigation methods
  • Experience extracting pertinent security data from monitoring solutions and audit logs, and reports
  • Experience in a variety of security technologies and architectures, such as MFA, VPN, DLP, SIEM, privileged access management, network security, data security, cryptography, micro-segmentation, and software-defined networks.

Dimensions
Financial Dimensions:

  • Budget: Not Required
  • PO Approval: Not Required

Other Dimensions:

  • No. of vendors: Engagement of 3rd parties when it is absolutely necessary
  • No. of direct reports: None for now

Impact of position:

  • Impact on customers (Please select one of the options below):

Type of Customers

  • Mainly Internal
  • Mainly External
  • Internal & External x

Approvals:

  • Reporting Manager Functional Head HR

 

 

How to Apply
Interested and qualified candidates should:
Click here to apply

 

Application Deadline 31st May, 2023.