Information Security Specialist – Network Security/ ISO 27001 Implementation at Psyntech Limited

We are a management consulting firm resting on three oars - People, Systems & Technology. At psyntech, we understand current trends as they occur across industries and as such, our clients can rely on receiving innovative, well tailored, contextual & practical solutions to their business needs.

Primary Responsibilities

Information Security Deliverables

• Information security policy
• IT security framework design and implementation
• Information security programme
• Portal security
• Forensics
• Incident response and management
• Reporting
• Contribute to design of network architecture
• Business Continuity and Disaster Recovery
• Documentation Controls

ISO 27000

• Understand, Interpret and Provide Guidance on How to Implement and Manage Information Security Controls Best Practices
• Plan the implementation of an ISMS
• Implement the Processes and Security Controls
• Performance Evaluation, Monitoring and Measurement
• Provide Guidance on the Continuous Improvement of an ISMS
• Assist an Organization to Gain ISO 27000 Certification

Specific Responsibilities

Information security policy

• intrusion detection
• Develop Information security policies for review and approvals
• Comply and maintain applicable legal requirements, Information security policies, standards and procedures to;
  • support business/departmental goals and objectives
  • enforce confidentiality, integrity, availability and accountability at all times
• Timely reporting of legal non-compliance issues, policy, standards and procedures

IT security framework design and implementation

• Assist in the design and implementation of future security framework 

Information security programme

• Periodic risk assessment of the security of the network
• Active participation in business projects and programmes
• Prepare adequate documentation to facilitate handing over issues and operational continuity i.e. out of office programmes, trainings and site visits
• Maintain data transmission encryption standards across the network
• Firewall management
  • configuration management of all firewalls to ensure availability and uptime of contingency firewalls in times of incidents or disaster
  • Periodically execute test plans for contingency firewall devices
  • Execute change management controls for new change requests
  • Periodic log, console analysis, reviews and backups
  • Maintain adequate documentation of firewall interconnectivity diagrams countrywide
  • Consistent update of password vault of all firewall root or administrative accounts across network
• Router and switch and wireless management controls
  • Periodic review of user profiles across the network
  • Periodic review of security of router, switch and wireless configurations
  • Periodic analysis of network packets and reporting
  • Consistent update of password vault of all router and switch devices across the network
• Remote access management
  • Adequate management and documentation of VPN security technologies such as authentication, encryption and compression to prevent unauthorised access at all times
• Network penetration tests
  • Effectively participate in periodic execution of network penetration tests
  • Timely reporting of penetration tests
• Log analysis - monitor and review operational logs and events and report on potential security related events and investigate anomalies

Portal security

• Respond to cyber-attacks, and, where necessary, gather data and evidence to be used in prosecuting cyber-crime

Forensics

• Adequately support the business with all forensic related issues and investigations with world class reporting standards

Incident Response Management 

• Log, respond and report security incidents to Information Security Manager based on severity
• Investigate, track and conclude on security incidents that have occurred
• Periodically ensure the execution of test response and recovery plans where appropriate
• Manage post-event reviews and reporting to Information Security Manager

Contribute to design of network architecture

• Validate network designs for security compliance
• Work with in-house network team to achieve security
• Perform continuous and proactive security improvement

Business Continuity and Network Architecture

• Identification of activities that are critical to operation
• Identification of appropriate response options
• Development of a Business Continuity Plan
• Preparation of a Business Continuity Kit
• Testing, reporting and review of the BCM

ISO 27000

Understand, interpret and illustrate the main information security concepts

• Understand and explain the operations of the ISO organization and the development of information security standards
• Identify, analyze and evaluate the information security compliance requirements for an organization
• Explain and illustrate the main concepts in information security risk management
• Distinguish and explain the difference between information asset, data and record
• Understand , interpret and illustrate the relationship between the concepts of asses, vulnerability, threat, impact and controls

Understand, interpret and provide guidance on how to implement and                                                      manage information security controls best practices

• Identify, understand and explain the 11 clauses, 39 security categories and 133 controls of ISO 27002
• Detail and illustrate the security controls best practices by concrete examples
• Compare possible solutions to real security issue of an organization and identify/analyze the strength and weaknesses of each solution
• Select and demonstrate the best security controls in order to address information security control objectives stated by the organization
• Create and  justify a detailed action plan to implement a security control by listing the activities related
• Analyze, evaluate and validate action plans to implement a specific control

Plan the implementation of an ISMS

• Manage an ISMS implementation project following project management best practices
• Gather, analyze and interpret the necessary information to plan the ISMS implementation
• Observe, analyze and interpret the external and internal environment of an organization
• Perform a gap analysis and clarify the information security objectives of an organization
• State and justify an ISMS scope adapted to the security objectives of a specific organization
• Select and justify the selected approach and methodology adapted to the needs of the organization
• Perform the different steps of the risk assessment and risk treatment phases
• State and justify a Statement of Applicability or a specific organization

Implement the process and security controls

• Understand, analyze needs and provide guidance on attribution of roles and responsibilities in the context of the implementation and management of an ISMS
• Define the document and record management processes needed to support the implementation and operations of an ISMS
• Define and design security controls and processes and document them
• Define and write an ISMS policy and information security policies and procedures
• Implement  the required processes and security controls of an ISMS
• Define and implement appropriate information security training, awareness and communication plans
• Define and implement an incident management process based on information security best practices
• Transfer an ISMS project to operations and management the change management process

Performance evaluation, monitoring and measurement

• Monitor and evaluate the effectiveness of an ISMS in operation
• Verify the extent to which identifies security requirements have been met
• Define and implemented an internal audit program for ISO 27001
• Perform regular and methodical reviews regarding the suitability, adequacy, effectiveness and efficiency of an ISMS with policies and security objectives of an organization
• Define and implement a management review process and counsel management on it

Provide guidance on continuous improvement of an ISMS

• Understand the principle and concepts related to continual improvement
• Counsel an organization on how to continually improve the effectiveness and efficiency of an ISMS
• Implement ISMS continual improvement processes in an organization
• Determine the appropriate business improvement tools to support continual improvement processes of a specific organization
• Identify, analyze the root-causes of nonconformities and proposed action plans to treat them
• Identify, analyze the root-cause of potential nonconformalities and proposed action plans to treat them

Assist an organization to gain an ISO 2700

• Understand the main steps, processes and activities related to a ISO 27001 certification audit
• Understand, explain and illustrate the audit evidence approach in the context of an ISO 27001 audit
• Counsel an organization to identify and select a certification body that meets their needs
• Review the readiness of an organization for a ISO 27001 certification audit
• Coach and prepare the personnel of an organization for an ISO 27001 certification audit
• Argue and challenge the audit findings and conclusions with external auditors

Documentation Controls

• Document all Operational Procedures in compliance with Quality Controls requirements.
• Maintain periodic review of documented processes in compliance with Quality Controls requirements.
• Ensure adequacy of documented procedures to ensure business continuity.

Other Duties Assigned

• Support in the delivery of operational tasks assigned.
• Support in the delivery of assigned enterprise and departmental projects.

Education/Professional Qualification & Experience

• Minimum of first degree in computer science or related qualification. 
• Professional certifications in Microsoft Certified Systems Engineer (MCSE), Certified Ethical Hacker, CISSP, Firewall Administration, Security+, CHFI, Internet Security, CCNA Security, EC-Council Analyst.

Method of Application

Signup to view application details. Signup Now