This role is to provide technical support required to ensure Vodafone meets and exceeds cyber security compliance of General Data Protection Regulation Law passed by EU with direct impact on Vodafone Ghana to detect data breaches and minimize impact of cyber-crime on Vodafone Assets. This position requires data analytics to develop and implement models, patterns and trends which indicate mobile money fraud risks, test and confirm hypothesis and develop actions for mitigating or eliminating identified patterns for telecoms or Vodafone Cash frauds. Additionally, the successful candidate would develop initiatives and programs for cyber forensics which includes combatting mobile money cybercrimes and protection of critical systems against cyber-attacks.
The person would provide support to initiatives by Information Security for creating cyber security awareness, vulnerability assessment and follow up of actions to close identified vulnerabilities. He or She would develop and manage the implementation of initiatives and programs for predictive data analytics of mobile money logs and other transactional telecom logs or Call Data Records as well as manage the implementation of identified and appropriate forensic tools for proactive and reactive fraud management with the aim of revenue optimization. This position requires ownership of problems, supporting design and implementation of new solutions, as well as training/supporting HR and work closely with Corporate Security in the fight against insider and external threats with other main stakeholders being Internal (Finance, IT, Networks and Service Operations) and External (Ghana Police, Judicial Service, etc. through External Affairs.).
Job Title: Cyber Security Engineer
Key accountabilities and decision ownership
- Plan, implement and upgrade security measures and controls
- Protect digital files and information systems against unauthorized access, modification or destruction
- Maintain data and monitor security access
- Conduct internal and external security audits
- Manage network, intrusion detection and prevention systems
- Analyze security breaches to determine their root cause
- Recommend and install appropriate tools and countermeasures
- Define, implement and maintain corporate security policies
- Security awareness training
- Coordinate security plans with outside vendors
- Review security events and alerts, vulnerability and configuration data, and other information from the VFGH network environment, combined with intelligence, to identify potential & active threats to systems & data.
- Analyze attacks reported from multiple sources both internal and external.
- Conduct detailed comprehensive investigation and triage on wide variety of security events and implement cleanup and remediation processes.
- Use security business intelligence to drive prioritization and improvements within VFGH security programs.
- Keep up to date on emerging vulnerability and threat trends and using this knowledge to drive proactive threat monitoring.
- Participate in creating innovative ways to use a wide range of security event data to advance detection methods.
- Create procedures around proper records and documentation of team engagement models.
- Collaborate with security partners and threat intelligence teams to derive indications and warnings of impending threat Participation on Incident Response that includes root cause and lessons learned.
- Collaborate with Regional Sales Managers to ensure that mobile money and data fraud incidents are coordinated and effectively managed end to end.
- Supervise and ensure that fraud incident case management are prepared and liaise with legal /external affairs to ensure that Vodafone has a good case for criminal prosecution.
- Work with other Business Team to align security policy with standards.
- Identify, create and manage security programs to enhance the Confidentiality, Integrity and Availability of VF Ghana services
- Perform impact analysis and regression test for any project that will be put into production.
- Perform periodic Systems Compliance Audit. Communicate findings and corrective action in a report to management; recommend systems upgrades and improvements.
- Work in collaboration with Security team members to create a unified Security approach for VF Ghana.
- Responsibility for day to day management and implementation of VF GH Security policy Framework.
- Ongoing creation and monitoring of Industry system policies to ensure VF Ghana implement best in class technical security standards in a timely manner.
- Optimise System security in collaboration with System Owners by utilizing implementation of policy framework and integrated business processes and/or requirements.
- Work to ensure Internal Audit Logical Security team controls are addressed.
- Document in detail incident solution for all cases, issues and incident worked on
Core competencies, knowledge and experience
- BSc. Computer Science/IT, MIS, Qualifications good to have: CISSP, CRISC, CISM, CISA, CCNA, CCNE, lead auditor IS27001 or equivalent
- Minimum of 4 years of broad work experience including network/system administration, engineering and security
- 3-5 years of work experience in security operations, security analysis, or incident response
- 5years experience as a service engineer or system analyst with working experience in Vulnerability Assessment tools
- Minimum of 5years experience in UNIX/LINUX, WINDOWS or other propriety operating systems with minimum of 3years experience in Systems Hardening
- 4years experience in security analysis, incident response, and analyzing a wide variety of network and host security logs to detect and resolve security issues would be added advantage
- 4years experience with common security operations systems, (i.e. Intrusion Detection
- Systems (IDS), Security Incident Event Management systems (SIEM), anti-virus, log collection systems, etc.) is an added advantage.
- Ability to combine technical skills with an understanding of business needs to successfully protect assets
- Strong technical and process experience required to address cross functional requirements.
- Ability to adapt quickly to new technologies and concepts
- To provide guidance, local training and assistance and to work in close liaison with other internal and external teams to resolve technical issues.
- Ability to work in sometimes high pressure environments and to work independently.
- Knowledge of Mobile and Fixed Core networks would be an advantage.
- Knowledge of access control systems and business control processes.
- Knowledge of Cloud infrastructure
- Demonstrated success as a member of a highly collaborative team
- Ability to deal with the ambiguity associated with working in a fast paced and changing environment
- Knowledge & experience with malware analysis.
- Excellent interpersonal and group dynamic skills.
- Strong written and verbal communication skills.
- Ability to manage and deliver multiple project phases at the same time