IT Systems & Security Operations Lead-Faulu at Old Mutual Kenya

Introduction

The IT Systems and Security Operations Lead role will be responsible for the day to day management and implementation of Information security processes. This role requires the holder to interact with security systems on a real-time basis and must develop and demonstrate ability to detect security breaches within stipulated service level agreements. The holder will apply proven communication and problem-solving skills to guide and assist the management on issues related to the Information security. The person is also responsible for the delivery of information security solutions and also tasked with the responsibility of planning and coordinating the processes and activities necessary to improve the maturity of Faulu’s control environment.

Minimum Requirements

• Bachelor’s degree in computer science or Equivalent qualification with 3+ years Implementing and Managing Information Technology security systems and solutions
• Systems Security Certified Practitioner, Cisco Certified Security Practitioner, Certified Cloud Security Professional, GIAC or CompTIA Security + certification
• CISSP, CISM, CISA or other InfoSec Governance Training in information security would be an added advantage

• User and Technical level knowledge of core operating systems e.g. Unix, Linux and Windows of at least one year (1) working experience.
• Knowledge of Banking transaction switches e.g. BREFT, Postilion, IST is an added advantage
• Experience in Alternative business channels operations and handling of related security risks – frauds and forgeries – will be an added advantage.
• Good information security analytical skills, both financial and non-financial Solution.
• Training in systems security e.g. CEh will be an added advantage
• Web server security Management skills e.g. IIS, Jboss is an added advantage
• Understands application programming, database and system design

Job Specification...

KEY RESPONSIBILITIES

•    Monitor and report/ address all areas of security vulnerabilities. This includes review of relevant security logs and update of the antivirus system 
•   Deploy appropriate technical controls to manage the cyber security space exposure as flagged by information Security teams.
•   Continuously review and recommend the security architecture and monitoring tools that address the security risks the Business is or may be exposed to.
•   Provide technical reporting details for all security incidents
• Working closely with Information Security and Risk function, facilitate the execution of tactical security awareness programs to ensure awareness of the security policies and procedures.
• Support IT Security and Risk compliance reviews focused on ensuring the optimal level of security awareness is attained.
• Responsible for the validation and deployment of technical controls on infrastructure.
• Review vendor technical security architecture with an aim to improve security on directly connected entities.
• Develop and deploy line 1 technical controls to safeguard systems against accidental or unauthorized modification, destruction, access or disclosure
•  Play an active role in the technical implementation of systems security projects.
• Ensure that encryption and data loss prevention configurations are achieved.
• Implement 2 factor authentication for VPN and other critical logins
•  Continuously evaluate market security offerings and make an informed selection decision.
•  Patching of the IT environment systems such as the Linux, Unix and Windows Platforms
• Management of Software whitelisting on all entity devices to ensure that only legal software runs on the business machines
• Information Security solution monitoring and activation
• Systems log / user activity review, monitoring and analysis
•  Escalate specific security areas of concern through a defined process
•  Ensure that blocked command injections are identified and reported
•  Identify and remediate operational gaps between configuration management software and approved business changes.
• Update the proactive mitigation plans and ensure execution
• Manage technology partners both internal and external, to ensure that all solutions provide positive client experiences leading to improved uptake of banking products
• Establishing a process to proactively identify emerging business needs and IT implications e.g. through Business – to – ICT focus group
• Analyze and fix potential IT security incidents
• Receive and respond to the security related business requirements
•  Interface with technical, risk and governance personnel and other teams as required in the process of mitigating systems security.
•  Initiate escalation procedure to counteract potential threats/vulnerabilities.
•  Appropriately inform and advise management on security incidents and incident prevention
•  Document and conform to approved processes related to security monitoring
• Participate in knowledge sharing with other Information Technology Staff and develop solutions efficiently

 BANKWIDE AML KYC & CFT RESPONSIBILITIES

• Communicating and reinforcing the AML-CTF compliance culture established by the board and cascaded by Management
• Implementing and enforcing the board-approved AML, KYC & CFT policy within the Department, Unit or Branch

IT RISK AND SECURITY

• Address / mitigate all identified Information Security Risk and Audit issue
• Implement recommendations from IT security and partners to avert unforeseen system outages