Specialist: Network Sec & Cryptography at Road Accident Fund

Key Performance Areas

Cryptography

• Develop encryption algorithms by designing complex algorithms that convert data into a format that can be only understood by those who possess a unique decryption key, ensuring the confidentiality of the information.
• Analyse and test security systems by evaluating existing encryption systems for vulnerabilities and perform rigorous testing to ensure that there are no weaknesses that could be exploited by cybercriminals.
• Ensure the integrity and security of data in transit and at rest by implementing cryptographic techniques, such as digital signatures and public key infrastructures (PKIs).
• Ensure that encryption practices comply with relevant laws, regulations, and industry standards related to data security and privacy.

Network Security

• Support in the design and implementation, of security measures and protocols such as firewalls, private access, intrusion detection systems, and encryption technologies to protect network infrastructure.
• Monitor network security systems and logs for signs of intrusion, malware, and unauthorised access.
• Conduct regular network assessments to identify vulnerabilities and risks. Develop strategies to mitigate identified risks and improve the overall security posture of the organisation.
• Continuously monitor network security systems and logs for irregular activities, potential breaches, and vulnerability exploits.
• Regularly review firewall settings and rules to verify correct implementation and effectiveness against unauthorised access and threats.

Incident Response and Remediation Management for Systems and Networks team

• Thoroughly investigate incidents and apply appropriate corrective actions where necessary to address and resolve issues.
• Act promptly to incidents and requests, ensuring resolution within the mandated time frames to comply with legal obligations.
• In the event of a security breach or incident, conduct a detailed investigation, analysis, and review to understand the root cause and impact. This will ensure there are strategies to prevent future occurrences.
• Document all network security and cryptography incidents or requests in the RAF incident management system.
• Work in close coordination with the cybersecurity and networks teams to enhance security protocols, respond efficiently to security incidents, and proactively work on strategies to avert potential threats in the future.

Implement Security Controls Across RAF Systems and Networks under your Control

• Verify that all requests and changes receive proper authorisation before they are implemented.
• Guarantee the implementation of controls strictly follows the RAF change control procedure.
• Detect potential security breaches both before and after control implementations.
• Develop, apply, and keep updated processes and procedures to ensure the consistent correct functioning of security solutions under your management.

ICT Security Awareness

• Advice regarding compliance with relevant legislation and regulations pertaining to the RAF Network Security and Cryptography requirements.
• Provide advice and handle enquiries relating to Network Security and Cryptography.

Monitoring, Reviewing and Reporting on ICT Security

• Manage all monitoring, reviewing, and reporting tasks for the systems and applications you oversee.
• Regularly check, evaluate, and reports on the compliance status of ICT systems and networks.
• Monitor, evaluate, and report on any potential security risks or incidents in ICT systems and networks.
• Offer advice on revisions to information systems (including user requirements, functional and technical designs, and project documentation) to ensure they align with approved security policies, standards, processes, and procedures.

Auditable Record Keeping

• Create and uphold comprehensive documentation for all monitoring and reviewing activities.
• Keep precise records of any breaches or incidents, adhering to established protocols.
• Ensure that records are readily available for auditing within the stipulated deadlines.

Policy Review and Implementation

• Contribute to developing and implementing departmental policy, standards & procedures, and processes.
• Keep up to date with effective policy and practice execution strategies.
• Create comprehensive standards, processes, and procedures for network security and cryptography.

Reporting

• Assist in creating and submitting reports to various governance entities.
• Help establish effective reporting mechanisms for management, projects, or performance insights.
• Consistently offer progress reports and make timely submissions to aid in management decisions.

Stakeholder Management

• Aid in proactive and progressive relationships with key stakeholders.
• Deal with inquiries and requests for information from both internal and external stakeholders.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Technology related qualification.
• ICT Security certificate together with a CISSP/ CEH or similar international ICT Security certification.
• Relevant 5 - 7 years’ experience in ICT Security with specialities in system and network security environment.
• Experience in symmetric and asymmetric encryption, hash functions, digital signatures, cryptographic protocols, and common algorithms (AES, RSA, SHA,).