Job Description

Closing Date 2023/08/11
Reference Number SPU230727-16
Job Title Information Security Analyst
Department IT
Compensation Amount (CTC Per Annum) 312862
Job Type Classification Permanent
Location - Town / City Kimberley
Location - Province Northern Cape
Location - Country South Africa


Sol Plaatje University is one of Africaxe2x80x99s youngest and most exciting institutions of Higher Education a University that is committed to providing high-quality learning, teaching, research, and community engagement opportunities to its students and staff. Based in Kimberley in the Northern Cape, our University is ambitious about its intellectual contributions to and engagements with people in the region and beyond.

Enquiries can be made via email at

Assumption of duties: As mutually agreed to upon acceptance of the appointment

Women and people with disabilities are encouraged to apply.

Note: Sol Plaatje University (SPU) is dedicated to meeting its Employment Equity targets. The University reserves the right not to make an appointment
Minimum Requirements

• Bachelor's degree in information security or a similar field

• Cybersecurity certification advantageous

• 2-3 years' experience in either an information security position or in cybersecurity

• Proven knowledge of information security standards, rules, and regulations including International Organization for Standards (ISO) 27001, 27002, National Institute of Standards and Technology (NIST), and others Cloud security platforms

• In-depth knowledge of Cloud security platform(MS Intune /O365)

• Firewalls and malicious code defense including APT.

• Cybersecurity technical assignments, standards, tools, and processes.

• Common attack vendors. xe2x80xa2 Vulnerability assessment tools (Nessus,Nmap).

• Endpoint and network security tools or techniques.

• Willingness to work outside normal hours

• Driverxe2x80x99s license

Recommendations

• Relevant certification such as CISSP, CISM, CEH or GIAC are an advantage

Duties & Responsibilities

• Analyses and validates vulnerabilities then plan remediation activities

• Schedules and performs regular vulnerability scanning activities in the corporate network

• Reviews security vulnerabilities to identify risks to computing assets

• Provides technical vulnerability analysis and remediation options

• Reduces vulnerability by improving remediation and patch management process

• Ensures familiarity with Qualys and Nessus vulnerability scanner

• Reports and presents findings to a non-technical audience

• Assisting with the development and updating of cybersecurity-centric policies and procedures

• Assists with establishing network device implementation best practices, while providing guidance to others.

• Information Security and related risk assessments, as well as remediation plan development

• Identifying, raising and managing security risks through the appropriate risk life cycle

• Proactive risk management and engagement with business partners.

• Implement a systemic and structured information risk assessment process.

• Conduct business impact assessments periodically.

• Conduct threat and vulnerability evaluations at an ongoing basis.

• Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.

• Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., procurement).

• Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.

• Lead discussions with internal stakeholders to ensure remediation efforts adhere to Company standards

• Assists with PCI and ISO compliance reviews, as needed.

• Conducts periodic user access reviews in conjunction with department heads

• Assist in updating existing Information Security Policies and Procedures.

• Reviews network security audit logs (e.g., firewall, IDS, etc.) periodically.

• Evaluate compliance with established security controls.

• Supports information security projects and initiatives

• internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.

• Ensure that processes and procedures are performed in compliance with the universityxe2x80x99s information security policies and standards.

• Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, and third parties) information security controls.

• Ensure that information security is an integral part of the systems development processes and acquisition processes.

• Ensure that information security is maintained throughout the universityxe2x80x99s processes and life cycle activities.

• Provide information security advice and guidance (e.g., risk analysis, control selection) in the university.

• Provide information security awareness, training and education (e.g., business process owners, users, information technology) to stakeholders.

• Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.

• Ensure that noncompliance issues and other variances are resolved in a timely manner.

• Implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents.

• Maintain lines of authority to escalate and communicate processes

• Maintain plans to respond to and document information security incidents.

• Maintain the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).

• Maintain agreed process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).

• Integrate information security incident response plans with the universityxe2x80x99s disaster recovery and business continuity plan.

• Organize, train and equip teams to respond to information security incidents.

• Periodically test and refine information security incident response plans.

• Prioritise the response to information security incidents.

• Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.

Policy

We are committed to Employment Equity when recruiting staff as prescribe by the Sol Plaatje University Policy on Employment Equity.

Follow us on social media

Copyright | All rights reserved | Sol Plaatje University

Processing

Delete Account?

Remove Personal Information?

Cancel Request to Remove Personal Information?

Terms & Conditions

Incomplete Profile

You need a complete profile before you can make applications. Would you like to complete your profile now?

Incomplete Applications

You have incomplete applications, view the application to complete

Apply

Nothing yet!

Profile Import Options

Log In Only: Just log in and do not change my profile.

Import and Keep: Import my profile and update matched sections. KEEP sections that do not match. Be sure to clean up any duplicates.

Import and Delete: Import my profile and update matched sections. DELETE sections that do not match.

Sol Plaatje University