Designs, develops, and evaluates security of information systems throughout the development/ project life-cycle.
Key Responsibilities:
· Ensure that security requirements are incorporated in systems, applications and associated project documentation
· Ensure that security design and cybersecurity development activities are appropriately documented.
· Design to security requirements to ensure requirements are met for all systems and applications.
· Design hardware, operating systems and software applications to address cybersecurity requirements.
· Develop detailed security design documentation for component and interface specifications to support system design and development.
· Support security certification test and evaluation activities.
· Develop specific cybersecurity countermeasures and risk mitigation strategies to address cost, schedule, performance and security risks.
· Perform security reviews and identify security gaps in architecture.
· Verify stability, interoperability, portability and scalability of system architecture.
· Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems.
· Conduct Privacy Impact Assessments (PIAs) to ensure that Personally Identifiable Information (PII) is appropriately protected.
· Ensure that any products implemented to manage cybersecurity risks have been effectively evaluated and authorized for use.
· Perform risk analysis whenever an application or system undergoes a major change.
· Provide input to the risk management framework and related documentation.
· Carry out a cybersecurity risk assessment.
Ability:
· Ability to communicate cybersecurity concepts and practices in an effective manner.
· Ability to produce technical documentation at an appropriate level for the audience.
· Ability to ensure cybersecurity practices are applied at all stages in the acquisition or divestment process.
· Ability to design architectures and frameworks in line with security policies.
· Ability to function in a collaborative environment to leverage analytical and technical expertise.
· Ability to apply network security architecture concepts including topology, protocols, components and principles.
· Ability to apply secure system design tools, methods and techniques.
· Ability to analyse vulnerability and configuration data to identify cybersecurity issues.
· Ability to relate basic cybersecurity concepts to the impact they may have on an organization.
· Ability to apply cybersecurity and privacy principles to organizational requirements.
· Ability to identify critical information systems which have limited technical cybersecurity controls.
· Ability to apply the organization's chosen framework for describing, analysing and documenting its IT architecture.
· Ability to collaborate effectively with others.
· Ability to ask questions for clarification of cybersecurity matters.
· Ability to understand organizational objectives and the effects of cybersecurity controls on those objectives.
· Ability to assure business and system continuity and mitigate the risks of cybersecurity incidents.
Skills:
· Skill in evaluating the adequacy of security designs.
· Skill in designing the integration of hardware and software solutions.
· Skill in conducting cybersecurity audits or reviews of technical systems.
· Skill in designing countermeasures to identified security risks.
· Skill in applying cybersecurity and privacy principles to organizational requirements.
· Skill in designing security controls based on cybersecurity principles and tenets.
· Skill in developing and applying security system access controls.
· Skill in determining the security control requirements of information systems and networks.
· Skill in the use of design modelling.
Knowledge
· Knowledge and understanding of risk assessment, mitigation and management methods.
· Knowledge of relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.
· Knowledge of cybersecurity related threats and vulnerabilities.
· Knowledge of encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria.
· Knowledge of cybersecurity considerations for database systems.
· Knowledge of human-computer interaction principles.
· Knowledge of IT security principles and methods.
· Knowledge of policy-based and risk adaptive access controls.
· Knowledge of how to carry out privacy impact assessments.
· Knowledge of all aspects of system lifecycle management.
· Knowledge of network security architecture concepts including topology, protocols, components, and principles.
· Knowledge of network design processes, including security objectives, operational objectives and trade-offs.
· Knowledge of service management concepts for networks and related standards.
· Knowledge of industry standard security models and their effective application.
· Knowledge of data security standards relating to personally identifiable information.
· Knowledge of Payment Card Industry Data Security Standards (PCI-DSS).
· Knowledge of countermeasure design for identified security risks.
· Knowledge of access authentication methods.
· Knowledge of how to use resiliency and redundancy to mitigate cybersecurity risks.
· Knowledge of national and organizational document and information classification and marking standards, policies and procedures.
Experience
5 years in information security governance, risk and compliance role managing projects.
Education
Bachelors/Masters in Information Security related field
Desired Certifications
CISSP, CISM, ISO27001, PCI-DSS
Job Type: Full-time
Pay: RO1,800.000 - RO2,000.000 per month