Job Description

JOB DESCRIPTION:

Job Title: IT Information Security Specialist
Employment Type: Permanent, On-site
Work Location: Johannesburg

JOB SCOPE & RESPONSIBILITIES

• Manage the day-to-day operational security environment in close collaboration with other central and unit IT Managers.
• Conduct security scans and vulnerability management (internal and external environment) and manage closure of vulnerabilities.
• Design appropriate security controls library for IT infrastructure, applications, and systems.
• Review systems and applications for security risks and ensure they are mitigated by IT / Business owners.
• Establish, oversee, and enforce relevant access controls to ensure that only the right people have access to required information.
• Manage the end-to-end lifecycle of any potential or actual security incident.
• Identify, investigate, and report on suspected security breaches and manage resolution with key stakeholders.
• Review and analyse logs from our internal Security Operations Centre.
• Assess the business security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Perform ongoing health-checks and test the effectiveness of the IT security environment.
• Perform gap analyses to examine existing processes and technologies and discover loopholes leading to poor information security quality and improvement opportunities.
• Oversee security testing of new or enhanced products to ensure information security requirements are met.
• Stay current with incident response, digital forensics methodology, the associated legal requirements, and threats applicable to the South Africa.
• Identify, implement, and monitor security controls required for new digital products, including blockchain technology, mobile IT, Devops.
• Facilitate audit review processes performed by Internal and External Auditors; ensuring the relevant remedial action is taken to mitigate risk.
• Report, escalate and address non-compliance to defined incident response processes and procedures.
• Review IT security standards and policies for relevance and effectiveness as the security landscape changes.
• Develop and implement key processes and procedures to incorporate security throughout the SDLC process.
• Research, evaluate, recommend, implement, support, and maintain the companys information and cyber security tools and technologies.
• Analyse deficiencies / gaps in the current IT security posture, motivate for investments and lead security projects to rectify these.
• Research and drive new security control initiatives and improvement of existing technologies and processes; emerging technologies and processes that may be incorporated as solutions to recurring security concerns; and assess business impact and exposure to emerging security threats.

QUALIFICATION AND EXPERIENCE

Qualification:

• Bachelors degree in information systems or equivalent.
• Information Security Certification such as CISSP, CISM, CEH, CCSP

Experience:

• More than 6 years experience in an IT security environment, including cloud security.
• Extensive experience in cyber security technologies (SIEM, DLP, HIPS, AVs), preferable Microsoft EMS, McAfee, Darktrace, Mimecast.
• Experience in cyber threat monitoring and response, threat remediation and threat intelligence.

Legislated Accreditation/ Registration

• ISACA an advantage

Work conditions and special requirements

• Travel to all units required on a need basis.
• Will be required to work outside of normal working hours, in line with operational requirements (including weekends, public holidays).

COMPETENCIES

Technical proficiency:

• Technical background with a variety of computer hardware, software, communication systems including system integration, network architectures and physical logical communication systems / devices.
• Security testing with various tools, like Nessus, F-Secure.
• Creating and reviewing IT security policies for compliance.
• Knowledge of security best practices such as defence in-depth, least privileges, need-to- know, separation of duties, access controls, encryption etc.

Know-how:

• Requires specialised knowledge of techniques, equipment and processes relating to IT cybersecurity practices, services, and suppliers.
• Short term planning (6-12 months) involves conducting the planning of activities to meet and optimise processes in the IT security value chain.
• Organise, plan, and prioritise tasks for self to ensure that work gets done effectively and efficiently.
• Interact with clients, and professional teams - influencing, motivating, and encouraging specific behaviour.

Problem-solving:

• Apply business acumen and sound common sense to the analysis of IT security data and results within defined standards.
• Monitor changes in the environment and is quick to act upon potential opportunities, risks, and challenges.
• Consider all the facts, options, and possible outcomes prior to making decisions.
• Analyse and diagnose performance issues in order to maximise or leverage product strengths to deliver results.
• Deal with diverse problems in own area, using judgment and discretion to resolve them.

Accountability:

• Provide information and make recommendations regarding IT cybersecurity services to ensure risk is averted.
• Solve a wide range of queries related to data management and analytics dealing with these sensitively and within operational/procedural limitations.
• Optimise and streamline existing systems and processes to support the business strategy in terms of cost efficiency, managing risks and improving security.
• There are guidelines/ policies and procedures in place to be followed, but the incumbent needs constantly consider ways of improving productivity and controlling costs.

PACKAGE & REMUNERATION

• Negotiable depending on Qualifications and Experience.

ExecutivePlacements.com