The ICT Security Specialist is responsible for protecting the organisation’s information systems, networks, and data assets by ensuring the effective implementation, monitoring, and continuous improvement of ICT security controls. The role provides independent oversight, proactive threat detection, and assurance that ICT policies, standards, and regulatory requirements (such as the Data Protection

2. Key Responsibilities

2.1 Security Monitoring and Incident Management

• Monitor and analyse security logs from firewalls, intrusion detection/prevention systems, servers, and applications.
• Detect, investigate, and respond to security incidents and anomalies.
• Escalate and report security breaches in accordance with defined procedures.
• Maintain proper documentation of incidents and actions taken.

2.2 ICT Policy Implementation and Compliance

• Ensure full implementation of ICT and Information Security policies.
• Conduct periodic compliance checks and identify control gaps.
• Recommend corrective actions and track remediation progress.
• Support internal and external audit processes.

2.3 Access Control and Identity Management

• Perform periodic user access reviews, including privileged accounts.
• Enforce least privilege principles and segregation of duties.
• Monitor unauthorized access attempts and suspicious activities.
• Ensure compliance with access control policies and procedures.

2.4 Disaster Recovery and Business Continuity

• Coordinate and validate periodic Disaster Recovery (DR) tests.
• Ensure DR documentation is regularly updated and accessible.
• Evaluate test results and recommend improvements where needed.
• Monitor readiness of backup systems and recovery processes.
• Ensure backups are regularly done and tested for both integrity and restorability.

2.5 Vulnerability Management and Risk Assessment

• Conduct routine vulnerability assessments and security scans across the ZCCM-IH Group network.
• Identify weaknesses in systems, networks, and applications for the ZCCM-IH Group
• Recommend risk mitigation strategies and controls to be implemented.
• Support enterprise risk management initiatives across the group.

2.6 Security Awareness and Best Practices

• Promote security awareness among ZCCM-IH Group staff.
• Guide on safe ICT practices
• Support training initiatives to reduce human‑related security risks.

2.7 IT Control Environment Assurance

• Continuously assess the effectiveness of IT controls
• Ensure critical controls remain operational and effective at all times.
• Provide periodic reports on the security posture of the organisation.

3. Key Deliverables

• Security monitoring and incident reports
• Access control review reports
• DR testing reports and findings
• Vulnerability and risk assessment reports
• Compliance and audit support documentation

4. Qualifications and Experience

Education

• Bachelor’s degree in:
• Information Technology
• Computer Science
• Cybersecurity
• Or related field

Professional Certifications (Advantage)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CEH (Certified Ethical Hacker)
• CompTIA Security+
• Other recognised ICT Security Certifications

Must be a paid member of ICTAZ

Experience

• Minimum 4 years experience in ICT or cybersecurity roles
• Hands‑on experience in security monitoring tools and log analysis
• Experience in risk management, compliance, or audits is an added advantage.

5. Technical Skills

• Security tools (SIEM, firewalls, IDS/IPS)
• Operating systems (Windows, Linux)
• Networking fundamentals (TCP/IP, VPNs, routing)
• Identity and access management systems
• Vulnerability scanning tools.

6. Key Competencies

• Strong analytical and problem‑solving skills.
• Attention to detail and investigative mindset.
• High level of integrity and confidentiality
• Ability to work independently and objectively.
• Effective communication and reporting skills

7. Working Relationships

• ICT Operations Team
• Internal Audit and Risk Management
• External Auditors and Regulators
• All Business Units (for compliance and awareness)

8. Performance Indicators

• Timely detection and resolution of security incidents
• Compliance with ICT policies and audit requirements
• Effectiveness of access control and monitoring processes
• Quality and timeliness of reporting

• Monitor and analyse security logs from firewalls, intrusion detection/prevention systems, servers, and applications.
• Detect, investigate, and respond to security incidents and anomalies.
• Escalate and report security breaches in accordance with defined procedures.
• Maintain proper documentation of incidents and actions taken.
• Ensure full implementation of ICT and Information Security policies.
• Conduct periodic compliance checks and identify control gaps.
• Recommend corrective actions and track remediation progress.
• Support internal and external audit processes.
• Perform periodic user access reviews, including privileged accounts.
• Enforce least privilege principles and segregation of duties.
• Monitor unauthorized access attempts and suspicious activities.
• Ensure compliance with access control policies and procedures.
• Coordinate and validate periodic Disaster Recovery (DR) tests.
• Ensure DR documentation is regularly updated and accessible.
• Evaluate test results and recommend improvements where needed.
• Monitor readiness of backup systems and recovery processes.
• Ensure backups are regularly done and tested for both integrity and restorability.
• Conduct routine vulnerability assessments and security scans across the ZCCM-IH Group network.
• Identify weaknesses in systems, networks, and applications for the ZCCM-IH Group
• Recommend risk mitigation strategies and controls to be implemented.
• Support enterprise risk management initiatives across the group.
• Promote security awareness among ZCCM-IH Group staff.
• Guide on safe ICT practices
• Support training initiatives to reduce human‑related security risks.
• Continuously assess the effectiveness of IT controls
• Ensure critical controls remain operational and effective at all times.
• Provide periodic reports on the security posture of the organisation.

• Security tools (SIEM, firewalls, IDS/IPS)
• Operating systems (Windows, Linux)
• Networking fundamentals (TCP/IP, VPNs, routing)
• Identity and access management systems
• Vulnerability scanning tools.

• Bachelor’s degree in: Information Technology, Computer Science, Cybersecurity, Or related field
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CEH (Certified Ethical Hacker)
• CompTIA Security+
• Other recognised ICT Security Certifications
• Must be a paid member of ICTAZ