Sagicor Life Jamaica Limited is seeking to identify a suitable candidate to join our IT & Data Security team in the capacity of IT & Data Security Officer.
The selected candidate will work closely with all the teams throughout the software development life cycle (SDLC) to ensure security is considered at all stages and that best practices are followed, and will perform risk analysis and security testing to verify the strengths and weaknesses of web applications and/or services.
Key Duties and Responsibilities:
- Work closely with all the teams throughout the software development life cycle (SDLC) to ensure security is considered at all stages and that best practices are followed.
- Perform risk analysis and security testing to verify the strengths and weaknesses of web applications and/or services utilizing commercial and open source security testing tools.
- Regularly review application design/implementation utilizing threat modelling, risk analysis and attack surface analysis.
- Coordinate, monitor and report on the remediation of reported vulnerabilities.
- Facilitate training and awareness of security and privacy risks, applicable standards and industry best practices.
- Reporting: Compile a monthly informational report of activities.
Academic Qualifications/Specialized Skills/Competencies:
- A minimum of a Bachelor’s degree in Computer Science or equivalent qualifications, from a recognized tertiary institution.
- Must have 2 to 3 years (recent) experience in performing web application vulnerability assessments.
- One or more of the following certifications would be an asset: Security+, Certified Ethical Hacker (CEH), PenTest+ or SSCP.
- Experience reviewing security aspects of the application design, software framework, and infrastructure to identify risks.
- Core understanding and hands-on use of web application security scanning software and related penetration testing tools.
- Working knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- Knowledgeable about industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing (e.g., GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS).
- Experience with configuration and hardening controls for operating systems, web servers (and services) and database management systems.
- Exposure to methods of promoting security awareness.
- Strong communication (verbal/written) skills, with an ability to manage internal and external relationships up to senior levels of management.
If this role is of interest to you, kindly submit an application no later than October 31, 2020. While we appreciate all applications, only shortlisted applicants will be contacted.