Role Profile

•The role is responsible for ensuring the effectiveness, resilience, and compliance of enterprise security controls across the organization. This role focuses on monitoring, testing, and maintaining cybersecurity safeguards to protect critical systems, data, and infrastructure against evolving threats. The specialist will collaborate with IT, risk management, and compliance teams to assess control performance, identify gaps, and implement remediation strategies. Key responsibilities include managing security control frameworks, conducting operational reviews, supporting incident response, and ensuring adherence to regulatory and industry standards.

Key Responsibilities

•Design, implement, and optimize endpoint security, data protection, and threat mitigation technologies, while ensuring secure configuration and hardening of systems and cloud environments.
•Identify, assess, and remediate control gaps to strengthen the organization’s defense posture against evolving cyber threats.
•Support vulnerability assessments and patching programs to identify and remediate security gaps in a timely manner.
•Support compliance with regulatory requirements and industry standards by aligning control operations with governance frameworks and risk management practices.
•Collaborate Coordinate with cross-functional teams to align security operations with organizational risk appetite, regulatory requirements, and compliance standards.
•Monitor, test, and validate the effectiveness of cybersecurity controls across enterprise systems and networks.
•Identify control gaps, assess risks, and implement remediation measures to strengthen the organization’s security posture.
•Maintain and update security control frameworks to ensure alignment with regulatory requirements and industry standards.
•Collaborate with cross functional teams to operationalize security policies and procedures.
•Support incident response activities by analyzing control performance and recommending corrective actions.
•Conduct regular audits, reviews, and reporting on control effectiveness to management and stakeholders.
•Provide technical expertise in deploying, configuring, and maintaining security tools and technologies.
•Drive continuous improvement initiatives to enhance control efficiency, resilience, and adaptability against emerging threats.
•Develop and deliver training or awareness sessions to promote adherence to security control practices across the organization.
•Stay current with emerging cyber threats, technologies, and regulatory changes to proactively adjust control operations.

Qualification Required & Experience

Must have Technical / Professional Qualifications

•Bachelor’s degree in cyber or information security, computer science/engineering, information technology (or systems) or other related fields.
•5+ years of progressive experience in cybersecurity or related field in cybersecurity, with a significant focus on hands-on technical security work.
•Any of the certifications below will be desired.
•Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), CompTIA CASP+ , Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH)

Core Competencies, Knowledge, and Experience

•Ability to evaluate threats, vulnerabilities, and control gaps to prioritize remediation.
•Skilled in continuously tracking and validating the effectiveness of cybersecurity safeguards.
•Competence in analyzing control performance during security events and contributing to rapid recovery.
•Strong knowledge of regulatory and standard frameworks such as ISO 27001, NIST, and GDPR to ensure adherence.
•Expertise in security tools, monitoring systems, and operational technologies used to enforce controls.
•Capacity to interpret complex data, identify patterns, and recommend actionable improvements.
•Ability to work across IT, risk, and compliance teams, translating technical issues into business terms.
•Commitment to enhancing control efficiency and resilience against evolving cyber threats.
•Skilled in producing clear, accurate reports on control effectiveness for stakeholders and leadership.
•Staying current with emerging technologies, threat landscapes, and evolving compliance requirements.
•In-depth understanding of the CIA triad (Confidentiality, Integrity, Availability), threat modelling, risk, access control models, non-repudiation, and the principle of least privilege management methodologies, and the MITRE ATT&CK framework.
•Deep understanding of TCP/IP, HTTP/S, DNS, SMTP, FTP, SSH, etc., and their security implications.
•OWASP Top 10: Comprehensive knowledge of common web application vulnerabilities (e.g., SQL Injection, XSS, CSRF, Broken Access Control, Security Misconfiguration) and their exploitation/prevention.
•Understanding of REST/SOAP API vulnerabilities and authentication mechanisms (e.g., OAuth, JWT).
•Knowledge of common mobile app vulnerabilities for iOS and Android.
•Lifecycle management (identification, assessment, remediation, verification), risk prioritization frameworks (such as CVSS).

Location: Accra