Veritran1
Information Security Analyst
Job description
Reporting directly to the Chief Information Officer, the Information Security Analyst is responsible for building, operating, and continuously improving the organisation’s enterprise information security and cyber resilience technical programme. This role combines governance and compliance with technical, hands-on security operations. The Information Security Analyst ensures alignment with National Payment Systems Cybersecurity Framework, PCI-DSS, ISO 27001, and other applicable standards and directives, while actively defending and monitoring critical systems.
Key Responsibilities
1. Governance & Policy
- Develop and maintain the enterprise information security strategy, standards, and policies.
Ensure alignment with NIST and NPS Cybersecurity Frameworks.
Drive staff awareness programmes and enforce security baselines.
2. Risk Management
Lead recurring cybersecurity risk assessments and maintain an actionable risk register.
Identify and communicate risks to executive leadership and Risk & Compliance.
Manage third-party/outsourcing risk controls.
3. Security Operations (Hands-On)
Actively monitor, parse, and triage logs across servers, firewalls, SIEM, and applications.
Write and maintain scripts (bash, Python, PowerShell, regex) to filter, correlate, and analyse data.
Lead vulnerability scanning, penetration testing coordination, and remediation tracking.
Tune SIEM rules, alerts, and dashboards for actionable intelligence.
Support secure coding practices, review application security outputs, and guide developers on remediation.
4. Incident Response
Lead security incident investigations: containment, forensics, root cause analysis.
Coordinate breach notification and reporting with regulators and stakeholders.
Maintain and test the Cybersecurity Incident Response Plan.
5. 3rd Party Liaison
Act as a company representative in the role of cybersecurity officer.
Maintain evidence of compliance for Third Party Security Assessments, Accreditations and and Audits.
Provide clear risk and compliance reports to the Board.
6. Team Engagement
Participate in cross-domain and multi-stakeholders projects to ensure secure-by-design/defence-in-depth approaches.
Build capacity through training, technical exercises, and knowledge transfer.
Coordinate with stakeholders to embed security controls.
7. Audit & Assurance
Support all internal/external audits (TPSA, ITGC, PCI, ISO).
Close audit findings with documented evidence and root cause fixes.
Required Skills & Qualifications
Education: Batchelor of Science degree (2:1 or equivalent) in Information Security, Computer Science, or equivalent industrial experience.
Certifications: CISSP, CISM, ISO 27001 LA, OSCP, or equivalent (advantageous but not a substitute for skills).
Experience: Minimum 2–4 years in technical roles, ideally in banking, payments, or regulated industries.
Core Skills:
Strong Linux/Unix administration skills.
Proficiency in scripting (bash, Python, PowerShell).
Regex fluency and log analysis across SIEM, syslog, and application stacks.
Secure coding principles and ability to critique/review methodologies and output
Proven incident response and analysis experience.
Understanding of OSI Stack, network security, firewalls, IDS/IPS, and vulnerability management.
Essential Attributes
Analytical mindset with strong problem-solving skills (must be able to read, parse, and make sense of data).
Practical approach: able to operate with limited tools and resources.
High personal integrity and accountability: role involves direct regulator engagement.
Comfortable switching between high-level governance and low-level technical work.
This position is a permanent, full time position based in our offices in Harare, Zimbabwe. Please ensure you are eligible to live and work in that location before applying. We're looking for the best technical skills in the country and offer a package unrivalled to attract the very best.


