This role will involve working with stakeholders in Vodafone Ghana to drive out Cyber Security requirements and baseline requirements in Software Development Life Cycle program. The role is responsible to guide the efforts of the Application/Digital team to implement day-to-day cyber prevention, detection, and response controls.Key accountabilities and decision ownership
Job Title: Application Security Specialist
- Provide supervisory technology security assurance, guidance, and support to the Vodafone Ghana (VFGH) team as well as Vodacom Group & Vodafone Group where needed.
- Ensure that applications and services are secured and implemented with best security practices.
- Defining, implementing, and efficiently maintaining technology security controls and requirements.
- Ensure timely delivery of technology security assurance and support for projects.
- Provide SME input to technical analysis, design, of application and digital systems.
- Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options.
- Participate in creation and execution of technology security strategy.
- Leads the application security program, defines standards, policies, and procedures, and coordinates with Technology teams to implement and maintain integrated applications.
- The role requires the individual to monitor information security governance, risk, and compliance by Vodafone Ghana Corporate IT, Mobile and Enterprise Business domains.
- Engage with the stakeholders on control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement.
- Interpret and manage the controls and capabilities required for VFGH to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s).
- Develop, manage, and implement the Vodafone information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill).
- Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments.
- Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions.
Core Competencies, Knowledge And Experience
- Bachelor’s Degree in Computer Science, Information Security, Engineering or Technology or other related fields.
- Minimum of 5+ years of experience in Tech Security role.
- Foundation experience and reasonable understanding of network stack, network protocols
- Web Security & Encryption
- Secure coding and Security Testing knowledge (SAST and DAST), Vulnerability management
- Understanding of OWASP top ten web application security risks
- Understanding of network security (incl. IDS/IPS, WAF, DLP Anti-malware, URL/content filtering, SIEM, others)
- Knowledge of Windows, UNIX and Linux operating systems.
- Practices and methods of enterprise architecture and security architecture
- Application and Network security architecture development and definition.