Barita Investments Limited invites suitably qualified candidates for the role of Information Security Officer in our organization.

ROLE & CORE FUNCTONS

To monitor and support security initiatives for the Group’s technical and information assets that provide defences against security breaches and vulnerability issues. This is a technical role as such the incumbent is expected to be hands on with implementation and have solid knowledge and experience in IT security including security tools. 

The role will be responsible for the day-to-day operations of securing the organisation’s various information systems and providing technical expertise in all areas of network, system, and application security. The role will communicate, monitor and maintain our IT security program, including identifying critical systems and critical digital assets, addressing cyber security controls for each critical digital assets.

FUNCTIONAL RESPONSIBILITIES

• Analyze events and alerts that are triggered due to security threats from internal and external sources and prepare relevant reports.
• Analyze suspicious emails, and phishing attempts, and make determinations on required actions.
• Manage security devices and platforms
• Complete / support the completion of penetration tests of internal and external systems and applications.
• Support Software development and life cycle practices ensuring compliance with relevant cyber security standards and industry best practices.
• Monitor System and User behavior to quickly identify security-driven events with the least amount of time-lapse.
• Threat hunting, looking for indicators of compromise and possible attacks against the company.
• Participate as a Subject Matter Expert (SME) on roadmaps from lessons learned based on security incidents.
• Review Security Configuration Baselines for both Operating Systems and Applications to ensure a defense in-depth model can be maintained within the organization.
• Support the integration of security design principles and processes in the organization particularly in the areas of software development, network design, system administration, system architecture, cloud computing, business continuity planning and disaster recovery.

QUALIFICATIONS & EXPERIENCE

• Bachelor’s Degree in Cyber-Security/Computer Science/Information Technology or related field.
• Minimum of 5 years IT experience including 2 year of information security focus.
• Knowledge of IT infrastructure including networking, communication, firewalls, VPNs and key IT systems and configuration.
• Superior understanding of current and evolving technologies and technology security related trends
• Operational knowledge and hands on experience implementing best practices standards such as ISO 27000, COBIT, NIST, PCI DSS, GDPR and other security control frameworks.
• Three (3) of the following (or other relevant) certifications are required; above 3 is a distinct advantage:

1. CompTIA certifications: Security +, Cloud +, Network +, PenTest + or CySA+
2. A pen test-focused certification such as OSCP, eJPT or CEH would be a plus
3. (ISC)² Systems Security Certified Practitioner (SSCP)
4. Microsoft 365 Certified: Security Administrator Associate
5. Microsoft Certified: Azure Administrator Associate
6. AWS Certified Cloud Practitioner
7. GIAC Security Essentials Certification