NAPSA
SECURITY ANALYST – APPLICATIONS – NPS 05 (Permanent and Pensionable):
Head Office (01)
1.1 Main Purpose of Job
The Security Analyst – Applications is responsible for the development and
implementation of the IT Security Strategy (covering Systems Access Control,
Vulnerability Scanning, Security Audit, Application Security and enterprise BCP)
at NAPSA to ensure the availability of a safe IT platform from which to manage
member funds. Additionally, the position coordinates the implementation of the
section work plan to ensure the activities of the section are aligned with the
section strategy, and that quality standards and timelines are observed.
1.2 Key Responsibilities
a) Identify security shortcomings in the NAPSA application systems and
recommend appropriate policies to ensure best practices and standards
are complied with.
b) Report and track any security breaches on the Systems Applications.
c) Regularly review the security posture of all the Applications Systems under
the Information Technology department.
d) Review and update security policies as directed by the line manager.
e) On a periodic basis, extract and review existing user access control lists
from all systems.
f) Perform IT Risk assessments and report on existing/new application
systems.
g) Maintain IT Disaster Recovery Plan and facilitate all DR planning and
testing of applications systems in liaison with the line manager.
h) Conduct periodic reviews on all installed Systems to ensure compliance
with the set standards.
i) Conduct periodic information Security awareness to all members of staff.
j) Work with developers to refine security checkpoints based on the Security
Standards and other industry-accepted doctrine such as NIST SP 800-115
and/or ISO 27002 security standards.
k) Use automated tools to perform source code security analyses to identify
vulnerabilities and attack vectors in web applications.
l) Work with information systems analysts to refine web application
penetration testing methods and breadth of security services.
m) Obtain and review all required artifacts as part of go, no go analyses at
security checkpoint phases in the application development cycle.
n) Assist with periodic security risk assessments, IT security audits, and
management reporting.
o) Review and coordinate changes to information security policies,
procedures, standards, and audit work programs in a continuous
improvement model.
p) Conduct in-house vulnerability assessment of the Authority’s ICT
Application Systems.
q) Perform in-house quarterly Penetration Tests on the Authority’s ICT
Application Systems.
r) Maintain Application Firewall rules and ensure they are always operational.
1.3 Qualifications and Experience
• Grade 12 Certificate with 5 ‘O’ levels with credit or better in Mathematics
and English.
• Any of the following certifications:
− Certified Information Systems Management (CISM)
− Certified Information Systems Security Professional (CISSP)
− Certified Ethical Hacker
− Any other relevant IT Security Certification
• Bachelor’s Degree in Computer Science or equivalent.
• Not less than three (3) years’ IT experience with at least one (1) year of
the total experience spent in administering IT security for applications in
an organisation of similar size.
TO APPLY
Your application letter should be accompanied by a CV and copies of relevant certificates and
should also specify your contact address and telephone number(s).
Application letters should be addressed to:
Acting Director Human Resources and Administration
National Pension Scheme Authority
Levy Business Park
Church Road
P.O. Box 51275
LUSAKA
The closing date for receipt of applications is Tuesday, 8th November 2022.
PLEASE NOTE THAT:
• ANY FORM OF LOBBYING WILL LEAD TO AUTOMATIC DISQUALIFICATION
OF THE CANDIDATE
• ONLY APPLICANTS WHO MEET THE SPECIFICATIONS INDICATED ABOVE
WILL BE ACKNOWLEDGED.
BE SMART, SECURE YOUR FUTURE