Job Title: Information Systems Security Administrator (ISSA)
Department: Information Systems
Job Purpose:
The Information Systems Security Administrator (ISSA) is
responsible for safeguarding Jambojet’s IT infrastructure and digital assets.
This role ensures the airline’s systems remain secure, resilient, and compliant
with industry regulations by implementing, monitoring, and continuously
improving cybersecurity controls and policies. The ISSA proactively manages
risks, responds to incidents, and supports the organization’s overall cyber
maturity and resilience.
Key Responsibilities:
IT Security Infrastructure Management
- Install, deploy, configure and maintain security technologies, including firewalls, IDS/IPS, antivirus software and encryption solutions.
- Ensure that security systems are up-to-date and optimized.
- Ensure secure access control and authentication protocols.
- Maintain endpoint security and conduct regular system hardening.
Threat Detection and Incident Response
- Identify, assess, and manage cybersecurity risks, threats and vulnerabilities.
- Support the development and implementation of the organization-wide Information Security function to ensure information security risks are identified and monitored.
- Implement and fine-tune security monitoring solutions, including SIEM (Security Information and Event Management) systems, to detect and respond to security incidents.
- Support the development of strategies for risk mitigation.
- Monitor networks and systems for security breaches.
- Analyze and triage security alerts, responding to high-priority incidents in real time.
- Act as first responder for cybersecurity events or breaches and collaborate with incident response teams to investigate and mitigate security breaches.
- Develop and maintain an incident response plan with an emphasis on data-driven incident handling.
Risk & Vulnerability Management
- Conduct regular risk assessments, vulnerability scans, and penetration tests.
- Identify potential threats and recommend mitigation measures.
- Support secure integration of third-party systems.
Security Policy & Awareness
- Draft, review, and maintain IT security policies, procedures, and standards.
- Lead employee cybersecurity awareness initiatives and training programs.
- Promote a security-first culture across the organization.
Regulatory Compliance & Audits
- Ensure adherence to industry standards such as ISO27001, PCI DSS, GDPR, NIST, and local cybersecurity laws.
- Participate in internal and external audits; address findings and implement recommendations.
- Ensure all projects and systems are subjected to security checks to avert possible security threats pre and post go-live.
- Evaluate the organization’s security needs and establish best practices and standards accordingly.
- Implement system automation within the organisation to ensure effective and efficient security protocols.
Security Maintenance & Change Management
- Manage implementation of system updates, security patches, and configuration changes.
- Evaluate new tools and technologies to enhance security posture.
- Collaborate with developers, project managers, and other stakeholders to ensure new tools onboarded or developed do not pose security threats.
Forensics, Analytics & Reporting
- Collect and preserve evidence in the event of security incidents.
- Lead incident investigations, coordinate responses, and implement corrective actions.
- Collect, analyze, and interpret security-related data from various sources to identify patterns, anomalies, and potential security threats.
- Develop and maintain custom security analytics models and algorithms.
- Create meaningful visualizations and reports to communicate security insights and trends to both technical and non-technical stakeholders.
- Automate regular security and compliance reporting processes for management and for compliance purposes.
Qualifications:
Academic:
- Bachelor’s degree in Information Technology, Computer Science, or a related field.
Professional Certifications (Preferred):
- Certified Ethical Hacker (CEH)
- Certified Information Systems Auditor (CISA)
- CompTIA Security+, CISSP, ISO27001 Lead Implementer, or equivalent
Experience:
- Minimum of 2 years in an IT role with a focus on cybersecurity.
- Hands-on experience in risk analysis, penetration testing, and incident response.
- Experience performing information security audits or risk assessments.
- Experience with various security tools to assess the organization’s security posture.
- Familiarity with security auditing processes.
- Experience in highly regulated industries (e.g., aviation, finance) is an added advantage.
Technical Competencies:
- Strong knowledge of cybersecurity tools (SIEM, firewalls, endpoint protection, etc.)
- Proficiency in both Windows and Linux environments.
- Familiarity with scripting languages and automation for security tasks.
- Deep understanding of network protocols, encryption, and access control.
- Setting up systems to identify intrusions and configuring them to suit the needs of the organization.
- Knowledge of securing network technologies, applications and operating systems.
- Understanding of common security standards and regulations relating to the aviation environment (e.g., PCI DSS, NIST, ISO27001, GDPR, IOSA, etc.).
- Capable of enforcing security best practices in line with the National Institute of Standards and Technology.
Behavioral Competencies:
- Strong analytical and investigative skills.
- High integrity and discretion in handling sensitive information.
- Excellent written and verbal communication.
- Ability to train, influence, and collaborate across departments.
- Resilient and able to perform under pressure.
Decision-Making Authority:
- Initiate response actions during cybersecurity incidents.
- Recommend and escalate security risks to IT leadership.
- Approve configuration changes related to system security within defined limits.