Job at Global Accelerex Limited for Certification and Standard Manager
Global Accelerex Limited is a leading provider of payment and business management solutions incorporated and based in Nigeria. Our business solutions help organizations across economic sectors, to effectively and efficiently manage distribution, marketing, sales, and positioning of their products and services.
We are recruiting to fill the position below:
Job Title: Certification and Standard Manager
Location: Lagos
Reports to: Chief Information Security Manager
Job Purpose
- The role holder will be charged with managing risk, maintaining certifications and compliance to IT security standards/regulations.
- He/she will carry out vulnerability scanning, gap analysis and spot checks on departments, groups and directorates.
- He/she will ensure all observed gaps are closed timely such that the organization is not exposed.
- He/she will maintain all cyclic tasks required to ensure the company remain certified.
Primary Duties and Responsibilities
- Development and maintenance of Security & Compliance policies for the organization and ensuring day to day compliance with all relevant policies.
- Conduct Gap Analysis for ISO 270001/ISMS implementation
- Conduct Risk Assessments and suggest Mitigation plans/Controls
- Conduct /Assist in VAPT and assist in closure of Vulnerabilities
- Prepare of Policies and Processes
- Prepare ISO Training Plan
- Train the Stakeholders
- Assist CISO in the implementation of the Information Security Management System based on the ISO/IEC 27000 series standards, including preparation for certification against ISO/IEC 27001, 9001 and 20000.
- Perform gap analysis of information security standards such as ISO 27001:2015 and create compliance reports for information security standards such as ISO 27001:2015 and other requirements.
- Leads the preparation and the implementation of necessary: Information security policies, standards, procedures and guidelines and get appropriate approvals and feedback, for implementation.
- Manages and leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
- Support departments and help manage implementation of information security management system.
- Conduct Information security awareness, training and educational activities to stakeholders.
- Manages information security risk assessment and control activities.
- Liaison with stakeholders and offers strategic direction to related governance functions (such as Risk Management, IT, HR, Legal and Compliance)
- Liaison with senior and middle managers throughout the project organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- Present reports and recommendations to CISO on information security and related issues.
- Work independently under the general direction of the CISO to ensure timely and accurate completion of information security internal audit objectives and perform the requisite preparation.
- Manage Third Party Security Assessment Program to minimize risk associated with business partners and vendors.
- Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls.
- Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
- Support the Information Security program including development, collection, assessment, and reporting of metrics.
- Recommend security policy changes and enhancements as needed and assist CISO in implementation.
- Conduct Mock ISO Audits and, Report on departments preparedness for final audit and certification.
- Assist CISO in all ISO Audit and certification.
- Development and maintenance of Security & Compliance policies for the organization and ensuring day to day compliance with all relevant policies.
- Accountability for assigned Business Continuity & Disaster Recovery Programs.
- Manage lifecycle, testing, and documentation of assigned BC/DR policies.
- Conduct physical security assessments of servers, systems and network devices.
- Research, document and discuss security findings with management and the cybersecurity and IT Ops team.
- Review and define requirements for information security solutions.
- Develop and maintain a vulnerability assessment database.
- Evaluate, analyze and target weaknesses in cryptographic security systems and algorithms in both on-premise and AWS systems
- Ensure message transmission data (e.g. wireless network, secure telephone, email, etc.) are not illegally accessed or altered in transit.
- Conduct security incident investigations.
- Monitor all access to the GA databases and servers in the cloud.
- Monitor all changes of access rights to GA database.
- Conduct database vulnerability assessment.
- Review all database rule to ensure a risk-free infrastructure.
- Check for all (data manipulation language) DML from unauthorized application and IP.
- Check for all form of privilege escalation.
- Regular review of data protection practice on all IT and business processes in GA at agreed schedules.
- Review Operating System hardening for all devices on premise and on the cloud.
- Review Application Standardization.
Job Requirements
- Bachelor's Degree in Computer Science, Information Technology, and related work experience.
- Should have Bachelors/Master’s degree and hold professional certification viz., CISA, CISSP/ CISM, CRISC etc.
- ISO 27000 – Implementer/Lead Auditor etc. Should have led at least Two implementation of ISMS and one implementation as Lead Auditor.
- Should have led One implementation of QMS.
- Broad-based IT experience with technical knowledge of Networks, Hardware, Storage, Operating systems, and Applications, Business Impact Analysis, RTO/RPO, Communication Plan, ITDR Drills, Contingency Plans etc
- Up-to-date understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance
- Good writing skills for Policy & Procedures, BCP documentation
- IS Awareness, Training and Assessment: Preparing Training plans and conducting relevant Trainings for stakeholders.
- Working knowledge of Microsoft Active Directory, databases and AWS servers.
- Strong knowledge of networking technologies – TCP/IP, switching & routing protocols is required.
- Proven experience in auditing various operating systems (windows and Linux) for PCs and servers is required.
- Excellent knowledge of cybersecurity best practices, management, control, and monitoring.
- Experience with firewalls, Internet VPN’s and AWS VPC auditing and management is desired.
- Team player – able to operate effectively in a team environment.
- Strong critical thinking and problem-solving skills.
- Ability to organize, prioritize and meet deadlines.
- Experience in working on Cyber Security Projects of payment companies.
- Oracle Certified Professional (required).
- 5+ years of experience in system/network/database/server administration including maintenance and upgrades.
- CISA, CISM, CISSP will be of additional advantage.
- IT Audit certifications will be of additional advantage.
Deadline: 25th October, 2019.
How to Apply
Interested and qualified candidates should send their CV to:
[email protected] using the "Job title" as subject of the email.