Vacancy title:
Endpoint Senior Specialist
Jobs at:
Zambia National Commercial Bank PlcDeadline of this Job:
Thursday, October 05 2023
Summary
Date Posted: Friday, September 22 2023, Base Salary: Not Disclosed
JOB DETAILS:
Description
Job Purpose
The responsible oversees the security of the Bank’s endpoint devices such as desktops, laptops, mobile devices, and servers. The roles will ensure to protect these devices from various security threats, including malware, viruses, phishing attacks, and other cyber threats. This also includes the enforcement of Endpoint security solutions to ensure that the Business is aligned and adheres to Endpoint Security Management Policies, Processes, Procedures and Internal Controls that will drive the entire Endpoint Security Management culture across the Division and the Business as a whole to assure compliance.
Job Responsibilities
• To oversee Endpoint Security Assurance to ensure the Review and Analysis of Servers, desktops, laptops and mobile devices security requirements.
• Oversee Technical liaison with the Infrastructure Team, including guiding the teams towards strong and Secure Endpoint Deployment using best Security practices in order to remediate known Risks.
• The Development and implementation of continuous service improvements to Endpoint Security and Controls.
• Ensure endpoint system are securely configured and managed through operating system appropriate security platforms and tools.
• Performs functional analysis, make recommendations for security improvements to existing processes and technologies, and provides immediate and efficient response to Endpoint incidents ranging from – threat analysis, intrusions, malware, unauthorized access, insider attacks, unapproved access and loss of proprietary information.
• Management of Information Technology Security Incidents and Assessing threat and vulnerability from all sources (both internal and external) and promptly applying applicable mitigation techniques as well as escalating information to appropriate senior staff.
• Collaborate with the Infrastructure Team to maintain detailed documentation of endpoint images, including details about the functionality of all security agents and the functions those tools provide.
• Ensure the secure on-boarding and off-boarding of Endpoint devices through the implementation of Baseline and procedure documents which are aligned to the Banks security policies.
• Ensure the periodic user management review on Endpoint Devices and also ensuring that the user management process for Endpoint Devices is aligned as per the approved process.
• Oversee the Patch Management process with the Infrastructure Team to ensure that all Endpoint Devices are periodically patched as per the patch plan.
• Ensure the Management and monitoring of privileged user accounts across Endpoint Environment.
• Proactively protecting, monitoring, investigating and resolving threats to a secure Endpoint environment and the Banks Assets.
• Ensure that Quarterly Endpoint Security Reviews are conduction on Servers as highlighted in the Security policies.
• Implementing and Monitoring Policies, Processes and Procedures for the overall Integrity of the Information Technology Disaster Recovery System for the Bank.
• Ensure a secure business environment and protection of stakeholder value through ensuring availability, integrity and confidentiality of networks and IT Infrastructure as required by the business
• To perform and coordinate log management through the Security events and information management (SIEM).
• Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations)
• Report and track any security breaches detected on the Network.
• Regularly review the security posture of the IT Network Infrastructure and applications under the Information Technology department.
• Support and participate in the IT Disaster Recovery Plan, DRP planning and testing
• Assist with periodic security risk assessments, IT security audits, and management reporting.
• Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model
IT Security Operations:
• Identify, define and document Endpoint security requirements and recommend solutions to management.
• Contribute to the development and maintenance of the cyber security strategy, specific to endpoints
• Consult with the I.T Infrastructure Team in security architecture reviews and provides feedback on proposed design or version upgrades in software
• Ensure the Bank’s ICT Infrastructure and Endpoint Security program is delivered in line with the Business requirements.
• Facilitate secure ICT deployments to ensure Integrity, Confidentiality and Availability.
• Regularly review Threat Intelligence and thus disseminate information and countermeasures concerning Threats and Vulnerabilities.
• Ensure Endpoint Security Compliance for all Bank laptops and desktops.
• Communicate regularly with Information Security Management as the technical security advisor on desktop technology, with internal clients
• Ensure interactions between Bank systems and Customers/Partners occur in a secure manner.
• Provide Technical inputs, evaluate and recommend new and emerging security Products and Technologies.
Vendor Management:
• Manage sourcing Strategy, Benchmarking and Contract Lifecycle.
• Accountable for Internal and External Service Level Agreements with other departments and various 3rd party Vendors/Service Providers.
• Research and make recommendations on hardware and software purchases and assist Procurement Management Tender Committee to ensure cost-effective purchasing decisions.
• Establish a Penalties System and imbed within the SLA to hold Vendors to be more accountable.
• To provide input into the development of Procurement governance guidelines. Risk Management:
• Evaluate risk likelihood and impact and prioritize them for analysis and response planning.
• Ensure that all risks applicable to any area is identified, assessed, reported and captured in the Risk Register.
• Ensure accurate and complete reporting of risk events within the stipulated time line (i.e. 7 calendar days).
• Ensure all emerging risks are reported and mitigating factors put in place.
• Identify, monitor and report Key Risk Indicators (KRIs) in respective unit/department.
• Ensure to operate within the given risk appetites and report any breaches promptly.
• Implement and Close all Audit recommendations, identified control weaknesses from Risk and Control Self- Assessment (RCSAs), Consultancy Reports or Customer Complaints and Risk events.
• Participate in the annual review of Procedure Manuals when requested.
• Ensure familiarization with and adherence to the Zanaco Enterprise Risk Management framework and participate in Risk Management Trainings organized by Integrated Risk Management (IRM) Unit.
Requirements
Qualifications/Experience
Education:
IT related Degree, MSc/MBA an added advantage
Professional: As required by Function
Minimum Experience: 6-7 years working experience across function technologies.
• Exceptional knowledge of service and application delivery, as well as successful service level agreement accomplishments.
• Excellent knowledge Endpoint Operating Systems, Storage and Virtualization Environment.
• Cloud Solutions, Business Continuity, Disaster Recovery, Quality of Service.
Certifications Required: Certifications as added advantage: ISO 27001, COBIT 5, ITIL, CISA, CISSP
Work Level
Senior
Job Type
Permanent
Salary
Market Related
EE Position
No
Location
Lusaka
Work Hours: 8
Experience in Months: 72
Level of Education: Bachelor Degree
Job application procedure
• Interested and qualified? Click here to apply
All Jobs
Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.