ICT Risk and Security Specialist at Lagos Business School

MAIN PURPOSE OF JOB:    Design and monitor ICT security systems inorder to protect LBS’ networks from cyber-attacks by securing both online and on-premise infrastructures, weeding through metrics and data to filter out irregular or suspicious activity, and finding and mitigating risks before breaches occurs. Monitor computer systems and networks for security issues, install security software and document all security issues or breaches. Assist in keeping LBS' security systems up to date and creating documentation and planning for all security-related information, including incident response and disaster recovery plans. Assist in training and creating training programs and modules to educate LBS staff and students on security flaws, trends and proper security protocols. Ensure ICT risk management activities are compliant with internal and external compliance regulations and frameworks.

KEY JOB ROLES AND RESPONSIBILITIES

• Conduct security assessments through penetration testing, vulnerability testing and risk analysis
• Advice and monitor the deployment of security measures and regular patches to fix new vulnerabilities
• Analyzing security breaches to identify the root cause.
• Propose possible solutions/programs/protocols for minimizing ICT risk and liability.
• Prepare risk assessment reports and monitor ICT security dashboard.
• Analyze ICT requirements and provide objective advice on the use of ICT security requirements
• Continuously updating the School’s incident response and disaster recovery plans.
• Verifying the security of third-party vendors or Vendor applications by collaborating with them to meet security requirements
• Aid the actualization of initiatives that will guaranty security of the School’s ICT networks, systems, software and data.
• Act as a major monitoring and evaluation agent of the ICT operational level agreement with internal customers.
• Ensures the prompt escalation of issues to ICT management and follow-through on the implementation of decisions taken.
• Act as interface for ICT internal and external compliance and regulatory requests.
• Evaluate staff risk awareness and train them when necessary

REQUIRED SKILLS

• Security skills – Analyzing Security System Logs, Security Tools, and Data. Administering Information Security Software and Controls. Creating, Modifying, and Updating Intrusion Detection Systems (IDS). Experience with Intrusion Prevention Systems and Tools.
• Familiarity with ICT Risk and Security regulations, methodology and framework.
• Problem-solving skills – Able to devise technical and creative solutions to user issues
• Communication skills – Telephone etiquettes; Able to gather data about problems, prepare detailed notes and reports, and walk users through the steps they can take to resolve security related issues
• Time management – Having excellent time management skills and should be able to set priorities when handling multiple cases; Ability to work under pressure and to tight deadlines
• Team collaboration – Able to work with other ICT personnel, Vendors, Contractors and co-works to resolve user issues; Good and flexible communication, interpersonal and influencing skills.
• Ability to manage Users in an enterprise infrastructure environment.
• Continuous approach to upgrading of ICT skills

PROFESSIONAL QUALIFICATION

• Security (CEH, LPT, CISM)
• ICT Risk: COBIT, CRISC, CISM, CISA
• Cloud [AWS Certifications, Microsoft Azure, etc.]
• Platforms (HP, Dell, Cisco]
• Operations [ITIL, Microsoft Office suite, etc.]
• Application programming [.NET, C, HTML, JavaScript, etc.]
• Project Management [PMP, PRINCE2, MS Project, etc.]

EXPERIENCE

• A degree in Computer Science, Computer Engineering, Electrical/Electronic Engineering or related Technology/ Science disciplines.
• Minimum of 5 years post-degree work experience in an enterprise risk function or technology consulting company, with at least 4 years of experience in information security and risk.
• Experienced in the ICT risk assessment and migration controls
• Experienced with penetration testing and techniques
• Ability to identify and mitigate network vulnerabilities and monitor patch management
• Knowledge of firewalls, antivirus and IDPS concepts
• Experienced in installing security software and documenting security issues
• Performed ICT support role in an enterprise infrastructure environment with above 100 users