Cyber Security Analyst

Lagos

 

DEPARTMENT

Risk Management

 

JOB OBJECTIVES

The Cyber Security Analyst role ensures security of enterprise applications and databases utilized across the various business functions in FBNQuest. He/she is responsible for enforcing internal information security policies and standards, compliance with external regulations and monitoring of activities relating to the resolution of security incidents across all IT platforms (applications, database, network).

This role is tasked with ensuring FBNQuest’s information assets are properly protected, used transparently and accountably and the value to the organisation is fully realized.

This role requires a technical understanding of business functions across the organization, technology dependencies and security requirements to protect critical business information and ensure availability of applications and information systems for smooth running of business operations.

 

DUTIES & RESPONSIBILITIES

  • Implement appropriate physical and technical safeguards to protect the confidentiality, integrity, and availability of information assets.
  • Ensure compliance with corporate policies and regulations specific to information assets
  • Assign an appropriate classification to information assets defining the administrative permission of the respective information asset owner and users to assign access, re-distribution, or usage of the asset.
  • Collaborate with asset owners to gain a better understanding of the specific security and control requirements. Document security controls and share with asset owners.
  • Develop and maintain an Information Asset Register detailing and tracking all defined access control regimes for authorized records retention, disposal schedules etc.
  • Conduct risk-based security assessments on a wide range of FBNQuest applications and databases including Web Applications, Web Services, Mobile Applications, Infrastructure Interfaces and DB solutions to evaluate the adequacy of security controls, identify threats and vulnerabilities.
  • Review security assessment results (vulnerability scans, penetration testing) for true positives and propose appropriate mitigation controls.
  • Coordinate and test security patches in configurations, installations and upgrades to maintain application and DB security controls and manage possible changes i.e. changes to user database roles and privileges etc.
  • Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
  • Collaborate with DevOps and other IT and Business functions to elucidate the importance of secure development practices and procedures as well as enforce the implementation of regulatory compliance control requirements e.g. PCI-DSS, SOX, ISO 27001 etc.
  • Perform periodic data integrity analysis on database systems and recommend best-practices to be followed by DB users to maintain data quality and security.
  • Maintain current knowledge of security threats and vulnerabilities that could impact products and their technology stack components, and help product teams identify solutions that meet security requirements
  • Produce reports pertaining to application and database security activities.
  • Understand and report security risks and how they impact the confidentiality, integrity and availability of information assets.
  • Regularly collaborate with IT security, operations, and all business stakeholders on security vulnerabilities and best practices for the resolution of security incidents.
  • Remain up to date with the latest security systems, standards, and mitigation tactics, and identify emerging opportunities for continuous improvement.

 

EXPERIENCE

  • Minimum of 6 years experience (2+ of which must be in the banking sector) in application/DB security procedures, standards, and tools utilized within a technology solutions environment
  • Evidence of strong industry/sector participation

 

EDUCATION

  • Minimum of Bachelor’s degree in Computer Sciences or Technology related discipline (2nd class upper division)
  • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)
  • Cisco Certified Security Professional (CCSP) • Other Information security certifications

 

KEY COMPETENCY REQUIREMENTS

  • Security administration
  • Information security
  • Application and Database security
  • Incident management
  • Asset management
  • Configuration management
  • Availability management
  • Network planning

 

Qualified candidates can apply by sending their CVs to [email protected] with the job title as the subject.

Our site uses cookies to enhance your experience. By continuing to browse, you agree to our Privacy Policy