Senior cybersecurity specialist

About Digicel

Enabling customers to live, work, play and flourish in a connected world, Digicel’s world class LTE and fibre networks deliver state-of-the-art mobile, home and business solutions.

Serving 10 million consumer and business customers in 25 markets in the Caribbean and Central America, its investments of over US$5 billion and a commitment to its communities through its Digicel Foundations in Haiti, Jamaica and Trinidad & Tobago have contributed to positive outcomes for over 2 million people to date.

With the Better Connected ethos at the heart of everything, its 5,000 employees worldwide work together to make that a powerful reality for customers, communities and countries day in, day out.

               Digicel also delivers news, sports broadcasting, digital media and financial services in several of its markets

Visit www.digicelgroup.com for more.

Job Purpose

As the Senior Security Operations Specialist, you will be responsible for cybersecurity operations for MonCash. This involves collaborating with internal and external security partners and stakeholders, administration of the deployed security systems, analysis and reporting on cybersecurity testing and hardening, incident response, providing expert guidance on new projects, network changes, and ensuring compliance with Digicel Group policies, standards, procedures KPIs, SLAs, and relevant information security and data privacy laws and regulations.

Key Objectives 

• Ensure Regulatory and Security Compliance.
• Security Monitoring, system administration, and Continuous KPI Improvement.
• Provide expert guidance and testing on projects and liaising with security partners and stakeholders.

Main accountabilities

• Ensure compliance with applicable laws and regulations related to data protection and information systems security, including those issued by the Bank of the Republic of Haiti and international standards such as ISO/IEC 27001, ISO/IEC 27701, and NIST SP 800-53.
• Enforce Digicel Group Information Security policies, standards, procedures, KPIs and SLAs.
• Enforce the use of strong access control and encryption standards for data at rest and in transit, and access to systems, aligning with company encryption requirements.
• Support IT backup and recovery process, and ensure disaster recovery plan and company policies are is maintained and reviewed periodically.
• Collaborate with technical teams: IT, Technology, Service Desk, Applications owners on matters related to security monitoring, testing, configuration, remediation and compliance.
• Configure, maintain and troubleshoot security systems deployed across all endpoints and user accounts.
• Track and ensure coverage of security logging and monitoring tools, assist in new deployments, upgrades, changes and other security projects as directed.
• Track and report on security non-compliance related to endpoint security coverage, device hardening, user accounts, and various other security areas assigned
• Understand and perform level-1 and level-2 triage of the alarms, events and threats escalated by the security operations center (SOC).
• Quickly and accurately define mitigation plans to respond to different types of threat such as malware, insider threat, external compromise, etc. following the incident response plan.
• Respond/Coordinate efforts between key stakeholder teams to emergency security threats from Firewall (FW), Intrusion Detection Systems (IDS), Access Control, Email Threat Protection, and endpoint protection.
• Collaborate with security partners, consultants and auditors for required activities.
• Report accurately and in a timely manner on security issues, concerns, and the threat landscape to Group Security Operations Manager.

• Manage and maintain vulnerability testing platform and configure/control the vulnerability scans, schedules, tracking, reporting, provide remediation guidance, and ensure the recommendations of the OWASP Top 10 are followed.

• Generate and improve findings from security tests, assessments, reports and Key Performance indicators (KPI).
• Find innovative ways to promote and support good security practices withing the company.
• Collect logs and evidence for investigations and provide support as needed.
• Respond and provide security guidance to remediate weaknesses, incidents and issues within SLA.
• Perform other duties as assigned from time to time.

DISCLAIMER:

This job description indicates the general nature and level of work expected of the incumbent.  It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent.  Incumbent may, and probably will be asked to perform other duties as required.  Each employee, regardless of classification, is required to maintain a safe, orderly and clean workplace, using safety precautions and observing safety rules at all times.