Security Analyst at Seplat Petroleum Development Company Plc

Overall Purpose of the Job

• Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
• Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
• Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures.
• Contributes to the creation and maintenance of policy, standards, procedures, and documentation for security

Principal Accountabilities: 

• Drafts and maintains policy, standards, procedures, and documentation for security administration, taking account of current best practices, legislation, and regulation.
• Ensures that all identified breaches in security are promptly and thoroughly investigated.
• Interviews offenders in conjunction with the relevant line manager or on their authority if the breach warrants it.
• Reviews information systems for actual or potential breaches in security, and investigates the complex, or highly sensitive violations referred by more junior staff or colleagues, handling issues imaginatively, efficiently, and professionally.
• Obtains factual information, and formulates opinions regarding exposed violations, through interviews with all levels of staff.
• At all times, undertakes to bring to the attention of management any actual or potential breaches in security
• Investigates system access inquiries referred by support staff and all inquiries relating to information security,
• And contingency planning, as they affect the activities of the organization, function, or department.
• Implements and adopts known techniques to satisfy new access requirements, or provides an effective interface between users and service providers when existing facilities are considered inadequate.
• Recognises requirements for, and creates, auditable records, user documentation, and security awareness literature for all services and systems within IT Security Management, ensuring that the records provide a comprehensive history of violations, resolutions, and corrective action.
• In consultation with senior security personnel, devises and documents new or revised procedures relating to security control of all IT environments, systems, products, or services (including physical security) to demonstrate continual improvement in control. Ensures that any system changes required to maintain security are implemented.
• Ensures that training, guidance, and support are provided to other security administrators, in all aspects of security policy and control.
• Monitors the application and compliance of security operations procedures, and non-compliance reports.
• Advises on, and assists with the assessment of the potential impact on existing access security mechanisms of specific planned technical changes, to help ensure that potential compromise or weakening of existing security controls is minimized. Also assists in the evaluation, testing, and implementation of such changes

Job Context and Challenges:

• Performing security audits, risk assessments, and analysis
• Making recommendations for enhancing data system security
• Researching attempted breaches of data security and rectifying security weaknesses
• Working with the Network & Security Services Coordinator to formulate security policies and procedures
• Monitoring systems security and responding to security incidents
• Carrying out security systems testing
• Ensuring integrity and confidentiality of sensitive data
• Implementing network security policies and procedures
• Administering and maintaining firewalls
• Managing, monitoring, and updating virus prevention systems
• Monitoring security advisory groups to ensure all necessary security updates, patches, and preventative measures are in place
• Performing intrusion detection tests and analysis
• A meticulous method of working and attention to detail.
• Demonstrates thorough knowledge of good security practice covering the physical and logical aspects of information products, systems integrity, and confidentiality.
• Thoroughly familiar with the organization’s security policies and all relevant legislation and industry trends that affect security within the defined scope of authority.
• A good understanding of Information Security Management Systems based on ISO 27001 is mandatory.

Job Knowledge and Qualifications

• Educated to Bachelor's Degree level or holds a relevant professional qualification.
• 5 years of minimum experience in security administration