Analyst - Security Internal Control and Awareness – Cameroun
MTN CAMEROON
Lieu, Non spécifié, Cameroon
·07 Jan. 2024
·Non spécifié
·Informatique - Electronique - Numérique
·Ingénieur informaticien
Participate in Implementing the Information Security policies, process, procedures, Cyber Security and Privacy framework, and Risk Treatments controls.
Users & Accounts Management
- Perform user access reviews according to the relevant processes.
- Drive the account certification process.
- Perform profiles reviews according to the relevant processes.
- Make awareness ofUser Access Management best practices.
- Contribute to mature the IAM framework (PPPs, provide inputs for systems improvements)
- Ensure compliance to our Segregation of Duties Standard.
- Ensure collection of all relevant logs from critical systems.
- Perform log analysis & generate alerts & incidents from them.
- Monitor the log management systems.
- Deploy the necessary tools & adopt the necessary process to detect security incidents.
- Analyze incidents reported through various channels and ensure their follow up until closure within established MTTRs.
- Ensure incidents are managed according to the Security Incidents procedures (including post-incidents actions).
- Maintain stakeholder’s engagement to ensure timely incident closure.
- Maintain the Information Security Baseline for IT & Network Systems
- Ensure the Baseline is enforced at delivery of projects and during operations
- Define the yearly awareness and execute it.
- Establish the scope for penetration tests to be performed by partners.
- Be the SPOC for partners during penetration tests and technical audits
- Engage with stakeholders to develop appropriate countermeasures and tools from penetration testing and audits results.
- Ability to perform proof of concept on discovered risks and vulnerabilities.
- Ensure threat protection including security information and event management (SIEM), user and entity behavior analytics (UEBA), anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS)
- Analyze security events and alerts and recommend appropriate actions in response to information security incidents
- Manage network security, intrusion detection and prevention systems (ArcSight)
- Oversee/Conduct the investigation/ forensics of security breaches that occurred in MTNC environment.
- Builds productive working relationships internally and externally.
- Participates in the development of and conducts security education programs.
- Frequent use of general/technical knowledge and industry/functional practices, techniques, and standards. General application of concepts and principles. Developing professional expertise.
- Maintain deep understanding of information technology, networking and infrastructure, particularly as they pertain to cyber security. − Maintain security dashboard on daily and weekly basis.
- Implement and upgrade security measures and controls (Access Control)
- Play an active role in Disaster Recovery Tests as well as Backup & Restoration tests.
- Perform any other work-related duties and responsibilities that may be assigned from time-to time by management.
- Participate and facilitate the Audit process through follow up on resolution of audit findings and reporting on the outcomes.
- Minimum of 3-year degree in Computer Science, Telecommunication, Information Technology/Systems, or related field from a reputable institution.
- Fluent in French and English
- LPI 2
- CCNA Security
- MCSA
- CEH
- OSCP
- Comptia +
- GIAC CIH
- Minimum of 3 years’ experience in experience in implementing information security, with experience in supervising others
- Experience working in a medium to large organization.
- Experience in working in cross-functional Team or project.
- Experience in coordinating and overseeing security testing procedures.
- Experience in programming and administrating IT solutions is an advantage.
- Experience in automating/programming some checks/controls to increase efficiency
- Good Information Security Culture (Threats, Risks Management, Vulnerabilities, Standards, etc.)
- IT & Network General Knowledge (ISO Model, Computer Architecture, Web Applications Architecture, etc.)
- IT & Network Security Fundamentals
- Security Incidents Management − User Access Management (Access Reviews audits, Account certifications, Segregation of Duties, etc.) Page 2 of 5 FM-HR-O500 Sensitivity: MTN Internal
- Business Continuity Management (Backups, Disaster Recovery, etc.) − Endpoint Secure Configurations (mostly desktops, mobile and laptops): EDR, Antivirus, Patch Management, SCCM, CIS, Tenable, etc.
- Logs Management and SIEM (ArcSight, Syslog)
- ICT industry and benchmarking practices
- System Administration Knowledge and Basic skills will be a plus (Unix, Windows)
- Capacity to replay well known vulnerabilities or vulnerabilities reported by audits reports
- Programming skills (python, bash, powershell, nodejs) are highly appreciated
- Analytical Thinker
- Problem Solver
- Operational Value Creator
- Culture and Change Champion
- Results Achiever
- Operationally Astute
- Directs people
- Detail-oriented
- Manages time
» Années d'expérience: Entre 3 ans et 5 ans