IT Security Manager

Company description:

About Digicel

As a Digital Operator, Digicel is in the business of delivering powerful digital experiences 1440 minutes of each day to customers – that’s every minute, all day, every day.

Through its world-class LTE and fibre networks, together with its suite of apps spanning sports, news, local radio and podcasts, TV streaming, enhanced messaging and marketplaces and self-care, Digicel is the only operator in its markets that can deliver that.

Serving consumer and business customers in 25 markets in the Caribbean and Central America, its investments of over US$5 billion and a commitment to its communities through its Digicel Foundations in Haiti, Jamaica and Trinidad & Tobago have contributed to positive outcomes for over 2 million people to date.

With its Better Together brand, Digicel is making a promise of simply more to customers and communities and its 5,000 employees worldwide work together to make that a powerful reality day in, day out.

Visit www.digicelgroup.com for more.

Job description:

Primary objective of the job: (overview of the role within the team)

The core elements of the Digicel 2030 transformation see it undertaking a complete re-design of the organizational structure; putting customers in control and making a commitment to deliver a superior superfast network experience.

Cybersecurity is a centralized business function with company-wide oversight to establish the strategy, governance (policies, standards, procedures), operations (systems, coverage requirements), compliance and testing, budgeting, staff training, vendor selection and management, across all 31 Digicel companies across Caribbean, Central America and Asia Pacific.

The team’s scope oversees all business units to ensure enterprise-wide scope, and manages the deployment and management of several globally deployed security systems to encompass all Digicel country networks, infrastructure of approximately 50K devices, staff of approximately 12K, and contractors. In addition, the team oversees all cybersecurity testing and provides expert guidance on all new and proposed projects, network changes, new suppliers across the global business. This including support and controls for data protection to ensure compliance and enforcement with data protection standards and laws across the global organization.

As the IT Security Manager you will assess new technology projects, existing IT/network environments, and architect layered security to ensure best practice protections; oversee the deployment and daily operation of security tools and techniques; develop, maintain, measure and enforce compliance; conduct vendor security assessments; and lead specialized testing across the business while communicating with key external security partners and other internal stakeholders including IT/Technical teams.

Main Duties and Responsibilities:

• Ensure Security policies and supporting procedures are developed, updated and consistent with industry best practices and enforced within the local markets.
• Conduct regular and ad hoc security testing to identify security weaknesses and provide expert guidance for remediation.
• Architect and lead the deployment of security tools and manage the day to day availability and effectiveness of controls.
• Ensure configuration, design documentation, and procedures are documented for security systems
• Lead SIM Key management process and ensure appropriate changes, guidance, and security measures are implemented and adhered at all times. 
• Develop security assessment methodologies to properly assess new and existing systems and projects, vendors, including cloud environments.
• Provide expert remediation guidance to security vulnerabilities and issues identified by detection systems, security platforms and other requests raised to the security team.
• Lead incident response and digital investigations as necessary.
• Assess all new projects and system deployments to ensure security by-design, best practice, and testing, including periodic vendor security assessment where necessary
• Develop/enforce data protection controls and provide guidance on data privacy issues and remediation
• Lead security awareness training, develop content, KPI tracking, and maintain delivery platform.
• Advise Security leadership, SMT, Legal and other stakeholders of key security/compliance risks and necessary risk mitigation and controls.
• Develop/evaluate security KPIs to inform on performance, and guide improvements.
• Perform specialized security audits and other duties as assigned from time to time

Academic qualifications and experience required for job: 

• Bachelor’s degree in IT/Computer Science, Network Security or equivalent education and/or experience
• 3+ years’ experience in Information Security, IT/Network Security, Security Operations or equivalent knowledge
• 5+ years IT experience with focus on infrastructure and application management.

Specialized Knowledge, skills and training required :

Technical :

• Strong general knowledge of InfoSec, data protection and privacy laws and regulations, guidelines and standards (eg GDPR)
• Strong understanding of telco networks and security frameworks such as NIST, ISO 27001/27002, PCI, CIS Critical Security Controls, COBIT, COSO
• Good knowledge of IT and networked systems: routers, switches, web servers, messaging systems, active directory, mail servers, file servers, databases
• Strong knowledge of virtualized/cloud computing (Iaas, Saas, Paas), Azure networks and their security
• Strong knowledge of Unix/Linux and Windows Operating system and their security
• Strong understanding and knowledge of network and application security techniques and principles
• Strong knowledge of common internet protocols and applications
• Strong understanding of cloud based critical infrastructure systems and security threat mitigation
• Strong knowledge of DDoS and Symantec platforms, DLP and proxy systems
• Good knowledge of latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
• Industry accepted certifications preferred (eg. CISA, CISSP, GIAC, CISM, CIPT, CIPM, CDPSE, CRISC, Azure fundamentals, Azure architect, Azure security engineer)

Personal :

• Deeply passionate about cybersecurity and emerging technologies and techniques utilized by threat actors.
• Out of the box thinker that enjoys constantly learning new things and can adapt that education into new processes
• Excellent verbal and written communications skills
• Experience creating and managing information security programs
• Dynamic with excellent analytic skills
• Excellent reporting and documentation skills
• Ability to prioritize tasks