- Update and maintain information security policies, standards, and procedures to ensure they align with industry best practices and compliance requirements.
- Ensure the organisation complies with relevant regulations and standards, monitor changes in compliance requirements, and adapt policies and practices accordingly.
- Identify, assess and prioritize information security risks and vulnerabilities, and develop risk mitigation strategies and controls to protect against potential threats.
- Conduct security audits, vulnerability assessments, and penetration testing to identify weaknesses and vulnerabilities in the organisation’s systems and networks.
- Contribute to the development and testing of business continuity and disaster recovery plans to ensure the organisation can recover from security incidents.
- Manage the flow of security data from network endpoints, overseeing aggregation, retention, parsing, as well as SIEM correlation and extraction.
- Monitor information on security-related websites and the incident response community to leverage alert data from multiple sensors and systems to determine the priority of the response.
- Identify and implement tools that baseline activity in order to alert on and limit suspicious activity on the Company’s cyber networks, information system, telecommunication, and SCADA systems.
- Perform an in-depth analysis or assessment of threats to critical cyber networks and infrastructure components by regularly monitoring and analyzing select security events and reviewing log files, platforms, applications, products, and services.
- Detect, document, investigate, and resolve cyber security incidents as per the Cyber Security policy and provide guidance to first responders for handling cyber security incidents.
- Conduct evaluations of new technologies and advise on their impact on security posture.
- Produce and deliver high-quality reports, briefings, and assessments to facilitate understanding of cyber threat entities and environments.
- Provide support to management of departmental expenditure within the prescribed budget to achieve cost control and identify any opportunities for improved co-management.
- Demonstrate consistent behavior in line with the Company’s Health, Safety and Environment and Risk Management policies, procedures, and standards.
- Demonstrate behavior in line with CEC values, standards and expectations of a professional workplace.
- Participate as an effective team member in working collaboratively with leaders, peers and relevant others (including from other teams) to achieve business goals.
- Conduct in-house Security Awareness training to promote a culture of security consciousness among all staff.
To be considered for this role, you will be required to have:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent, from a reputable learning institution.
- A professional certification such as GIAC Security Essentials Certification (GSEC), Certified Ethical Hacker (CEH), or Certified Information Systems Auditor (CISA) will be an advantage.
- Strong knowledge of information security principles, risk management, and compliance requirements is essential. Familiarity with security tools, technologies, and protocols is also fundamental.
- Registered Member of the Engineering Institution of Zambia or Information Communication Technology Society of Zambia.
- Minimum of 3 years’ extensive hands-on experience in information security in a reputable organisation.
Specific Competencies
- Strong understanding of various security technologies, including firewalls, intrusion detection/prevention systems, antivirus software, encryption tools, and endpoint security solutions.
- Capability in cyber analytics for information security, vulnerability, and patch management.
- Experience with endpoint security solutions, including antivirus, anti-malware, and endpoint detection and response (EDR) tools, and SIEM solutions.
- Experience with security auditing and compliance tools to assess and maintain security standards.
- Expertise in scripting languages (e.g., Python, PowerShell) to automate security tasks.
- Hands-on skills in networks and proficiency in the security aspects of different operating systems, such as Windows, Linux, and macOS.
- Understanding of security governance frameworks and controls, such as ISO 27001 or NIST standards.





