IT Risk Analyst at Unified Payment Services Limited

Detailed Job Description

• The IT Risk analyst shall be primarily responsible for security monitoring across the organization's infrastructure.

Specific job description shall include:

• Monitor Unified Payments applications, networks and databases for attacks, intrusions and other unusual activities.
• Monitoring events and activities via the Security Incident and Event Management (SIEM) platform and other security tools.
• Perform security event and incident correlation using information gathered from a variety of sources within the enterprise.
• Analysis of events to identify/detect cyber-attacks/intrusions, anomalous activities, and misuse activities. This includes providing remediation plan and consulting with IT for implementation of remediation strategy.
• Vulnerability assessment, remediation management and coordination of penetration testing activities.
• Review of threat intelligence, identification of vulnerable assets and implementation of threat prevention plan.
• Investigating security alerts and provide adequate incident response.
• Endpoint detection and response to ensure threats are managed.
• Keeping abreast with emerging cyber security threats, trends and proffering actionable solutions to mitigate them.
• Evaluation of the Company's security products for improvement purposes.
• Designing and reviewing of the company's information security systems and programs.
• Identifying potential weaknesses and implementing measures to mitigate them.
• Assists with tracking and documenting cyber incidents from initial detection through final resolution.
• Liaising with stakeholders in relation to cyber security issues and provide recommendations.
• Generating periodic reports for both technical and non-technical stakeholders.
• Assist with the creation, maintenance and delivery of cyber security awareness training for staff.

Preferred Qualification

• HND / BSC / B.Tech in Cybersecurity, Mathematics, Computer Science, Computer Engineering or any Social Science discipline.
• CISA, CISM, CRISC, CEH, CISSP, GIAC or similar security certification is highly desired.
• Experience level: 0-5 years experience

The Successful Candidate shall have:

• Knowledge of cyber and information security program management and frameworks (e.g. STIG, NIST CSF, ISO/IEC 27000, PCI, CobiT, CIS etc.) and the ability to translate information security policies into operational processes.
• Advanced vulnerability management and threat detection skills.
• Skilful use of tools such as Intrusion Prevention and Detection Systems (IPS/IDS), Security Information and Event Management (SIEM) tools, Threat Intelligence and vulnerability scanning tools etc.
• Extensive and proficient use of security monitoring tools
• Excellent verbal and written communication skills to develop positive relationships and effectively communicate with business partners, and all levels of management.
• Extremely responsive, with a strong sense of urgency.
• Excellent analytical skills in order to identify and communicate security risks and appropriate measures needed to help mitigate those risks.
• Must be comfortable in conducting independent research of issues and inquiries in order to provide guidance when requested.
• Self-motivated, innovative, creative and possess a passion for excellence and continuous improvement.