Regional Business Security Analyst – Africa

About the Organization:
FINCA International, one of the world's leading MFIs, provides financial services to more than 900,000 clients through 21 wholly-owned and operated subsidiaries in Africa, Eurasia, Latin America and the Greater Middle East.

About the Job:
Finca International is looking for a Regional Business Security Analyst (RBSA) – Africa. The postion will be based in Dar-es-Salaam, Kampala, or another African city with an international airport. The analyst will travel up to 75% of time. S/he will report to the director of information protection with a dotted-line report to the regional director of IT. The RBSA will be responsible for ensuring that effective security risk management practices are incorporated into IT and business practices within their FINCA region.

Tasks and Responsibilities:

• Monitor and evaluate (55%):
  • Document security and compliance of applications and supporting infrastructure;
  • Work with security and network staff to resolve identified security issues;
  • Work with network and IT staff to implement and maintain security monitoring controls;
  • Audit for internal compliance with FINCA IT and security policies;
  • Develop recommendations for improvements;
  • Monitor appropriate sources for newly identified vulnerabilities:
    • Assess existing systems against those vulnerabilities;
    • Report on risks, risk mitigations, and residual business risks.
  • Assess and document security posture of 3rd-party vendors and their services against FINCA standards;
  • Utilize appropriate tools to evaluate business environment against security policy and business risk posture:
    • Network vulnerability scanning;
    • Device configuration management;
    • Application testing;
    • Network monitoring;
    • Log review;
    • Threat modeling;
    • Source code review;
    • Other techniques as appropriate.
  • Evaluate application development and implementation activities for security risks;
  • Monitor appropriate industry sources to maintain awareness of new security tools and techniques.
• Plan and organize (20%):
  • Communicate and collaborate with internal clients to establish security direction, and provide influence and leadership on current and future technical security directions;
  • Manage all phases of project planning in security service support, including functional requirements, design specifications, testing and quality assurance, implementation and support;
  • Provide input to the annual Information Protection budget cycle.
• Acquire and implement (15%):
  • Ensuring that security requirements are identified early on and are being incorporated into all projects/applications;
  • Investigate, recommend, evaluate, deploy and integrate security tools and techniques to improve our ability to protect corporate assets and infrastructure;
  • Develop and maintain documentation of relevant IT systems and security controls;
  • Assess and capture security requirements within context of enterprise application architecture;
  • Ensure that application development and deployment meet FINCA security standards;
  • Provides security input to design and application architectural reviews.
• Deliver and support (10%):
  • IT security technical consulting services;
  • Research security issues and provide evaluations and recommendations to management;
  • Provide security awareness training to staff;
  • Participate as a member of the regional information systems and incidents emergency response team.

Qualifications:

• Bachelor's degree in a technical discipline or equivalent work experience;
• Certifications are not required, but will be considered in the evaluation process. Applicable certifications include: SANS, Cisco, CISSP;
• Knowledge of security and control frameworks (such as ISO 27001, CobiT);
• Minimum 4 to 6 years of experience performing IT security assessments;
• Experience with common assessment tools (examples nessus, Foundstone, Qualys, nCircle);
• Experience communicating assessment results to audiences with diverse technical proficiency;
• Experience constructively articulating business impact of vulnerabilities to various stakeholders;
• Experience with multiple platforms (i.e. Windows, Unix/Linux, etc.);
• Experience implementing and managing security technologies, including access control, auditing, log management, IDS/IPS, firewalls, antivirus & malware desired;
• Experience securing mobile technologies preferred;
• Fluency in written and spoken English;
• High level of personal integrity, and the ability to professionally handle confidential matters with appropriate judgment and maturity.

Closing Date: 31 Dec 2012

How to Apply:
Apply Online

View Original Posting