Contract Type: Permanent

Grade: D2

Deadline: 19 Jun, 2026

Description:

INTERNAL VACANCY ANNOUNCEMENT- INFORMATION SECURITY ANALYST

(PUBLISHED 8 AUGUST 2025)

Eswatini Civil Aviation Authority (ESWACAA), a Category A Public Enterprise responsible for the regulation of Civil Aviation in the Kingdom of Eswatini and the operation of King Mswati III International Airport. ESWACAA carries out its mandate in conformity with International Civil Aviation Organisation’s (ICAO) Standards and Recommended Practices (SARPs).

ESWACAA invites suitably qualified and experienced candidates to apply for the position of Information Security Analyst tenable in the Information Technology Department under Corporate Services. This role is critical in safeguarding the Authority’s digital assets, ensuring data confidentiality, integrity, and availability while aligning security measures with business objectives and regulatory requirements. The position reports to the Manager Information Technology. The successful candidate will be stationed in Matsapha (ESWACAA Head Office) with occasional travel to KMIII International Airport (Sikhuphe).

1. JOB PURPOSE:

The role is responsible for designing, implementing, and overseeing enterprise-wide security frameworks and compliance programs to protect sensitive data and ensure adherence to legal, regulatory, and industry standards. The incumbent will manage risk assessments, compliance audits, incident response, and stakeholder collaboration to ensure robust security measures are in place across ESWACAA systems and operations.

Key Responsibilities

The incumbent will be expected to:

• Design and implement enterprise security architectures, integrating security controls across cloud, hybrid, and IoT environments.

• Translate regulatory requirements (e.g., GDPR, ISO 27001, NIST CSF) into actionable technical controls and lead compliance audits.

• Develop identity and access management frameworks, encryption strategies, and network segmentation.

• Conduct enterprise risk assessments, manage cybersecurity risk registers, and develop mitigation strategies.

• Evaluate vendor and third-party security postures and ensure SLAs comply with security standards.

• Lead disaster preparedness, response, recovery, and resilience (DPR3) and business continuity planning (BCP).

• Collaborate with executive leadership and train internal teams on security-by-design principles and cybersecurity awareness.

• Provide general IT support to ESWACAA systems and users as needed.

2. QUALIFICATIONS AND EXPERIENCE:

The ideal candidate must meet the following minimum requirements.

(i) Qualification

• BSc in Computer Science, Cybersecurity, or equivalent.

(ii) Added Advantage

• Security certifications such as CISSP, CISM, CISA, CCSP.

• ISO 27001 Lead Auditor certification.

• ITIL Foundation certification.

• Computer forensics training.

(iii) Work Experience

• 5 years’ relevant experience in information security.

• Proven experience in cloud security (AWS, Azure), DevSecOps, or threat intelligence platforms.

• Enterprise firewall experience (e.g., Cisco ASA, Sophos, SonicWALL).

• Strong background in network security management and business continuity strategies.

• Advanced troubleshooting techniques.

(iv) Other requirements

• Full Aviation Security Clearance.

3. SKILLS, KNOWLEDGE, AND PERSONAL ATTRIBUTES:

The ideal candidate must demonstrate the following competencies, knowledge, and personal attributes:

• Mastery of security frameworks (NIST, ISO 27001, CIS).

• Proficiency in SIEM and IAM tools, firewalls, IDS/IPS, and encryption protocols

• Understanding of global data privacy laws (GDPR, HIPAA, PCI-DSS, SOX).

• Familiarity with scripting languages (Python, PowerShell, Bash) for automation

• Forensic investigation and ethical hacking.

• Threat detection and security log analysis.

• Risk modelling, audit management, and effective communication skills.

• High integrity, teamwork, and discretion in handling confidential data.

• Ability to work under pressure and make decisive decisions.

Applications with complete up-to-date Curriculum Vitae, certified copies of academic certificates/professional accreditation, must be emailed to recruitment@eswacaa.co.sz not later than Wednesday, 13 August 2025. Please quote the position of “Information Security Analyst” in the email subject line.

N.B. Only emailed applications will be admissible.

Only shortlisted candidates will be contacted.

All applications should be in PDF format not exceeding 11MB. Zipped or compressed files are not admissible.