IT & Systems Engineer (Cyber Security) – Kenya / South Africa / Nigeria / UK

Key Duties & Responsibilities

• Planning, implementing, managing, monitoring and upgrading security measures for the protection of WIOCC Group data, systems and networks
• Assessing the business’ current cyber security posture and identifying areas of vulnerability
• Developing and implementing a comprehensive cyber security framework that meets the needs of the organisation
• Troubleshooting security and network issues
• Responding to all system and network security breaches
• Conducting regular vulnerability assessments and penetration testing (VAPT) to identify and remediate security gaps
• Developing and maintaining an Incident Response Plan (IRP) and coordinating incident response efforts
• Ensuring compliance with relevant security frameworks (ISO27001, NIST, CSF) and regulatory requirements (GDPR, POPIA)
• Managing Security Information and Event Management (SIEM) tools for proactive threat detection and analysis
• Overseeing endpoint security (EDR/XDR) and implementing Data Loss Prevention (DLP) controls
• Providing security awareness training for employees to strengthen the organisation’s security posture
• Ensuring that the organisation’s data and infrastructure are protected by enabling the appropriate security controls
• Participating in the change management process (CAB)
• Collaborating with external auditors, vendors and regulatory bodies on security audits and compliance evaluations
• Maintaining documentation for security policies, standards, procedures and incident reports
• Daily administrative tasks, reporting and communication with the relevant departments in the organisation
• Assisting with IT Helpdesk as required

Minimum Qualifications

• in Computer Science, Cyber Security, or equivalent from a recognised university
• Technical certifications in Office 365, Mimecast, or other
• Professional certifications in cybersecurity (CISSP, CCSP, CEH, OSCP) preferred
• Experience with SIEM, cloud security (AWS, Azure), and compliance frameworks is a plus

Experience & Skills

• Requires a minimum of 3 years of technical experience in cyber security, including incident detection, incident response, and forensics
• Excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, Mimecast and Security Audits
• Great awareness of cybersecurity trends and hacking techniques
• Experience conducting vulnerability assessments, penetration testing and security audits
• Knowledge of cloud security best practices, particularly in AWS, Azure, or Google Cloud environments
• Hands-on experience with SIEM solutions and threat intelligence tools for monitoring security incidents
• Business process design, analysis, optimising and simplification experience
• Must use B/OSS tools effectively to record information accurately and concisely in a timely manner
• Demonstrated ability to manage multiple priorities and solve problems in a fast-paced environment
• Experience in implementing IT security control frameworks (ISO27001, NIST, CSF)
• Experience conducting security awareness training for staff at various levels
• Strong background in regulatory compliance (GDPR, POPIA, etc.) and working with auditors on security assessments

Attributes

• Client-focused, relationship builder
• Integrity, honesty with high ethical standards
• Boundless, passionate and flexible
• Personnel excellence, accuracy and attention to detail
• Collaborative, achieve results through teamwork and partnerships
• Excellent English written and verbal communication skills
• Passion for technology and innovation
• Ability to work under pressure, multi-task and think creatively
• Efficient time management, a fast learner in a fast-paced, dynamic environment

How to apply

Qualified candidates are encouraged to apply by submitting their updated CV including three referees. The deadline for application is 17^th March 2025. Applications should be sent to [email protected] indicating the job position in the subject line.