Date:
April 14, 2024
Share Post:

CEC Career Opportunity: Engineer – Information Security, Governance & Compliance (01)

Grade: CEC6 | Contract Type: Permanent | Location: Kitwe

The job holder will be required to ensure organisational alignment with regulations, standards, and best practices for data protection and operational integrity. This role includes proactive identification and resolution of cyber issues, post-incident analysis, and driving digital landscape improvements. Additionally, the job holder will play a role in creating and enforcing security policies, conducting audits, and offering guidance to enhance security and compliance measures. The job holder will be reporting to the Manager – Information Security and Governance.

Key Accountabilities

  • Update, and maintain information security policies, standards, and procedures to ensure they align with industry best practices and compliance requirements.
  • Ensure the organisation complies with relevant regulations and standards and monitor changes in compliance requirements and adapt policies and practices accordingly.
  • Identify, assess and prioritize information security risks and vulnerabilities, develop risk mitigation strategies and controls to protect against potential threats.
  • Conduct security audits, vulnerability assessments, and penetration testing to identify weaknesses and vulnerabilities in the organisation’s systems and networks.
  • Contribute to the development and testing of business continuity and disaster recovery plans to ensure the organisation can recover from security incidents.
  • Manage the flow of security data from network endpoints, overseeing aggregation, retention, parsing, as well as SIEM correlation and extraction.
  • Monitor information on security-related websites and the incident response community to leverage alert data from multiple sensors and systems to determine the priority of the response.
  • Identify and implement tools to baseline activity to alert and limit suspicious activity on the Company’s cyber networks information system, telecommunication, and SCADA systems.
  • Perform an in-depth analysis or assessment of threats to critical cyber networks and infrastructure components by regularly monitoring and analyzing select security events, review of log files, platforms, applications, products, and services.
  • Detect, document, investigate, and resolve cyber security incidents as per the Cyber Security policy and provide guidance to first responders for handling cyber security incidents.
  • Conduct new technologies evaluations and advise on impact to security posture.
  • Produce and deliver high-quality reports, briefings, and assessments to facilitate understanding of cyber threat entities and environments.
  • Provide support to management of departmental expenditure within the prescribed budget to achieve cost control and identify any opportunities for improved co-management.
  • Demonstrate consistent behavior in line with the Company’s Health, Safety and Environment and Risk Management policies, procedures, and standards.
  • Demonstrate behavior in line with CEC values, standards and expectations of a professional workplace.
  • Participate as an effective team member in working collaboratively with leaders, peers and relevant others (including from other teams) to achieve business goals.
  • Conduct in-house Security Awareness training to promote a culture of security consciousness among all staff.

To be considered for this role, you will be required to have:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent, from a reputable learning institution.
  • Professional certification such as GIAC Security Essential Certification (GSEC), Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA) will be an advantage.
  • Strong knowledge of information security principles, risk management, and compliance requirements is essential. Familiarity with security tools, technologies, and protocols is also fundamental.
  • Registered Member of the Engineering Institution of Zambia or Information Communication Technology Society of Zambia.
  • Minimum of 3 years extensive hands-on experience in information security in a reputable organisation.

Specific Competencies

  • Strong understanding of various security technologies, including firewalls, intrusion detection/prevention systems, antivirus software, encryption tools, and endpoint security solutions.
  • Capability in cyber analytics for information security, vulnerability, and patch management.
  • Experience with endpoint security solutions, including antivirus, anti-malware, and endpoint detection and response (EDR) tools, and SIEM solutions.
  • Experience with security auditing and compliance tools to assess and maintain security standards.
  • Expertise in scripting languages (e.g., Python, PowerShell) to automate security tasks.
  • Hands-on skills in networks and proficiency in the security aspects of different operating systems, such as Windows, Linux, and macOS.
  • Understanding of security governance frameworks and controls, such as ISO 27001 or NIST standards.

Applications

If you have the relevant experience and skills as indicated above, please click on this link https://forms.office.com/r/wAM9kpb8DB and complete the online job application form. Hard-copy applications will not be accepted at this stage. The closing date for receipt of applications is Friday, 8th December 2023.

CEC is committed to promoting diversity and inclusion in its staff. Suitably qualified female candidates are encouraged to apply.

Applicants are requested to provide daytime contact numbers and accessible email addresses. Only short-listed candidates will be contacted.

about CEC

Copperbelt Energy Corporation is a Zambian-based power infrastructure solutions provider. It supplies reliable, cost-effective power to industrial, commercial, and residential customers across sub-Saharan Africa.

Get updates to your inbox