Network Security Analyst

JOB PURPOSE

To monitor TAJ’s technology operations against the regulatory landscape, identify risks and assess the adequacy of internal controls; monitor all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems and anti-virus software as well as actively participate in the planning, execution and monitoring of disaster management and recovery activities. 

KEY OUTPUTS

• Network security events and incidents assessed and investigated;
• Information on network security control researched; 
• Security vulnerabilities investigated, corrected and/or mitigated; 
• Systems for access control framework and levels of access managed and maintained; 
• ICT Security, Disaster and Recovery plans and policies executed. 
• Training on network and information security procedures coordinated and monitored; 
• Reports prepared and submitted. 

KEY RESPONSIBILITY AREAS

Technical and Professional Duties 

• Provides network monitoring and log analysis from a variety of network sensors to investigate suspect network activity; 
• Investigates network events and incidents, assists with evidence collection, reports findings to the Network and Security Manager and supports remedial efforts; 
• Provides technical assistance to the Network and Security Manager; 
• Conducts, coordinates or assists in the investigation of information security related incidents including fraud, theft, misuse or abuse and issues findings;
• Collaborates with developers, project managers, and network engineers to ensure technical and functional requirements are implemented securely; 
• Researches, evaluates and recommends network and security improvements and information security controls;
• Creates system security, business continuity and disaster recovery plans for the security of the network; 
• Builds and administers a level of security appropriate to protect the information stored in all systems ensuring execution of security standards and policies; 
• Reviews project initiatives from an information security perspective, identifies potential risks and assists in defining appropriate mitigation strategies which could include software, hardware and/or procedural security architectural components; 
• Network and Information Security policies are adhered to by working with the IT team to resolve or mitigate network vulnerabilities; 
• Maintains TAJ’s access points, frameworks and levels of access are maintained; recommending improvements, as appropriate; 
• Ensures authorized access by investigating improper access, revoking access, reporting violations, monitoring information requests by new programming and recommending improvements; 
• Utilizes all computer security systems and their corresponding or associated software, including host and client based firewalls, intrusion detection systems, cryptographic systems, and anti-virus software to monitor network activity; 
• Participates in testing and implementing business continuity and network disaster recovery plans; 
• Collaborates with Human Resource Development in facilitating sensitization sessions for staff on network and information security procedures; 
• Keeps abreast of trends and issues in information security, risk management and disaster recovery affecting areas of responsibility; 
• Defines, establishes and implements risk management procedures, on-going risk assessment programs to ensure that risk management techniques are applied to all new and modified ICT applications, and all vulnerabilities are detected and remedied before exploitation; 
• Conducts audits of the security systems environment, which includes partnering with the various systems teams to remedy vulnerabilities, and identify and implement solutions; 
• Conducts security accreditation reviews for installed systems or networks and recommends new or revised security measures or countermeasures based upon results of reviews;
• Coordinates the design, acquisition, modification, evaluation and use of software intended to ensure that all automated systems are secure from unauthorized use, viral infection and other problems that would compromise classified, information confidentiality or privacy of data; 
• Provides assistance to the Internal Audit Section or other MDAs as required, regarding information security and computer auditing. 
• Monitors the Virtual Private Network (VPN) access to RAiS, all relevant systems and takes corrective measures where necessary; 
• Supports the identification and management of risks within the organization and by extension the respective area of work; 
• Performs any other related duties assigned by the Manager. 

PERFORMANCE STANDARDS

This job is satisfactorily performed when: 

• Network security events and incidents are thoroughly and promptly assessed and investigated; 
• Information on network security control are researched, evaluated and appropriate recommendations made; 
• Security measures are implemented to mitigate against network vulnerabilities; 
• Systems used to monitor access control and levels of access are managed and maintained within the specified guidelines and policies; 
• ICT Security Disaster and Recovery plans and policies are executed within the stipulated guidelines and agreed timeframe; 
• Training on network and information security procedures are coordinated; 
• Reports prepared and submitted in keeping with established standard and agreed timelines. 

AUTHORITY TO:

• Recommend network improvements and information security controls; 
• Make recommendations to relevant ICT Security, Disaster and Recovery plans and policies 
• Recommend the acquisition of, implementation and dissemination of ICT security tools, procedures and practices to protect information assets; 

REQUIRED COMPETENCIES

Specific Knowledge 

• Excellent knowledge of Information Technology, Security IT Governance;
• Excellent knowledge of how firewall’s IPS and proxy solutions work; 
• Thorough knowledge of Information Service methods and procedures of operations for computers and peripheral equipment;
• Very Good knowledge of Microsoft Software applications and other software applications as required; 
• Very good knowledge of risk assessment, recovery and disaster management techniques; 
• Knowledge of security best practice standards such as ISO 27001;
• Working Knowledge of Tax Administration Jamaica operations and functions. 

Required Skills and Specialised Techniques 

• Excellent decision-making, planning and organizing skills;
• Excellent research, judgement and analytical skills; 
• Excellent communication, interpersonal and team building skills;
• Very good time management skills; 
• Keen eye for details 

Qualification and Experience 

• Degree in Computer Science, Information Technology or equivalent qualification;
• Comptia Security +; 
• Certified Ethical Hacker (CEH) or certification as a Certified Information Systems Security Professional (CISSP); Would be an asset 
• Three (3) years experience in an information security, audit, compliance, quality assurance or risk management environment. 

WORKING CONDITIONS

• Normal office environment; 
• Travel (40%); 
• May be required to work beyond normal work hours and on weekends.

While we thank all applicants for their interest, only short-listed candidates will be contacted.