The Information Systems Security Administrator (ISSA) is responsible for safeguarding Jambojet’s IT infrastructure and digital assets. This role ensures the airline’s systems remain secure, resilient, and compliant with industry regulations by implementing, monitoring, and continuously improving cybersecurity controls and policies. The ISSA proactively manages risks, responds to incidents, and supports the organization’s overall cyber maturity and resilience.

Key Responsibilities:

• IT Security Infrastructure Management
• Install, deploy, configure and maintain security technologies, including firewalls, IDS/IPS, antivirus software and encryption solutions. –
• Ensure that security systems are up-to-date and optimized.
• Ensure secure access control and authentication protocols.
• Maintain endpoint security and conduct regular system hardening.
• Threat Detection and Incident Response
• Identify, assess, and manage cybersecurity risks, threats and vulnerabilities.
• Support in developing and implementing the organization-wide Information
• Security function to ensure information security risks are identified and monitored.
• Implement and fine-tune security monitoring solutions, including SIEM (Security Information and Event Management) systems, to detect and respond to security incidents. Support
• in developing strategies for risk mitigation –
• Monitor networks and systems for security breaches.
• Analyze and triage security alerts, responding to high-priority incidents in real time.
• Act as first responder for cybersecurity events or breaches and collaborate with incident response teams to investigate and mitigate security breaches. –
• Develop and maintain an incident response plan with an emphasis on data-driven incident handling.
• Risk & Vulnerability Management
• Conduct regular risk assessments, vulnerability scans, and penetration tests.
• Identify potential threats and recommend mitigation measures.
• Support secure integration of third-party systems.
• Security Policy & Awareness
• Draft, review, and maintain IT security policies, procedures, and standards.
• Lead employee cybersecurity awareness initiatives and training programs.
• Promote a security-first culture across the organization.
• Regulatory Compliance & Audits
• Ensure adherence to industry standards such as ISO27001, PCI DSS, GDPR, NIST, and local cybersecurity laws.
• Participate in internal and external audits; address findings and implement recommendations.
• Ensure all projects and systems are subjected to security checks to avert from possible security threats pre and post go live.
• Evaluate the organization’s security needs and establish best practices and standards accordingly.
• Implement system automation within the organisation to ensure effective and efficient security protocols.
• Security Maintenance & Change Management
• Manage implementation of system updates, security patches, and configuration changes.
• Evaluate new tools and technologies to enhance security posture.
• Collaborate with developers, project managers, and other stakeholders to ensure new tools onboarded or developed do not pose security threats.
• Forensics, Analytics & Reporting
• Collect and preserve evidence in the event of security incidents.
• Lead incident investigations, coordinate responses, and implement corrective actions.
• Collect, analyze, and interpret security-related data from various sources to identify patterns, anomalies, and potential security threats.
• Develop and maintain custom security analytics models and algorithms.
• Create meaningful visualizations and reports to communicate security insights and trends to both technical and non-technical stakeholders. –
• Automate regular security and compliance reporting processes for management and for compliance purposes.

Qualifications:

Academic:

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Professional Certifications (Preferred):
• Certified Ethical Hacker (CEH)
• Certified Information Systems Auditor (CISA)
• CompTIA Security+, CISSP, ISO27001 Lead Implementer, or equivalent

Experience:

• Minimum of 2 years in an IT role with a focus on cybersecurity.
• Hands-on experience in risk analysis, penetration testing, and incident response.
• Experience performing information security audits or risk assessments.
• Experience with various security tools to assess the organization’s security posture.
• Familiarity with security auditing processes
• Experience in highly regulated industries (e.g., aviation, finance) is an added advantage.