Job Description

Core purpose of the role

The IT Security Analyst is responsible for the effective working of the IT Security controls through the monitoring thereof, liaising with the various IT disciplines to implement the controls as applicable to them and liaising with external service providers of IT security solutions.


Key deliverables and outputs


Liaise with the various IT disciplines within the organisation to ensure that IT security controls implemented in these environments are maintained as per the division's principles and standards. This includes the IT security solutions and technologies.

Ensure that all IT security control documentation is updated to reflect changes to the IT security controls. Provide input to changes to IT security policies and procedures.

Perform health checks on the IT security controls to identify issues and report issues that could impact the daily operations to the relevant structures. Network and Perimeter Security

Monitor the status of the network and perimeter security controls (e.g. IPS, botnet, etc.) on a daily basis and ensure that non-compliance is reported to the various teams for action. Follow up on non-compliance and escalate issues where required to ensure that the non-compliance is resolved in a timely manner.

Endpoint and Infrastructure Security

Monitor the status of the endpoint security controls (e.g. anti-virus protection, endpoint encryption, laptop locks) on a daily basis and ensure that non-compliance is reported to the various teams for action. Follow up on non-compliance and escalate issues where required to ensure that the non-compliance is resolved in a timely manner.

Messaging and Web Security

Monitor the status of the messaging and web security controls (e.g. Mimecast threat protection, web filtering, etc.) on a daily basis and ensure that non-compliance is reported to the various teams for action. Follow up on non-compliance and escalate issues where required to ensure that the non-compliance is resolved in a timely manner.

Identity and Access Management

Monitor creations, movements and terminations in Active Directory to ensure that users' access are updated in line with instructions from the Human Capital department.

Perform log reviews on privileged user activities and identify and report on non-compliance. Follow up on non-compliance and escalate issues where required to ensure that the non-compliance is resolved in a timely manner.

IT Security Event and Log Analysis

Co-ordinate and set up the collection of audit trails, system logs and other monitoring data sources as input into IT security tools. Analyse events and identify potential trends.

Assist in IT security testing initiatives with the Quality Assurance discipline. Assist in the analysis of IT security incidents

Internal customers

The Group Chief Information Security and Risk Officer and IT Security and Risk team End-users across all business units


External stakeholders



Third Party Suppliers and Partners


Qualification, Experience and Competencies


Academic qualifications


Essential:


A three year degree (or equivalent) in computer science or informatics A+ / N+ or relevant Microsoft certifications

Advantageous:


Honours degree or advanced certifications IT Security-related certification

Work experience

Essential:

Five to eight years' practical experience in IT (server, desktop or network domains) with focus on IT security-related controls in any of these disciplines.

Knowledge

Essential:

Good understanding of IT security concepts and terminology. Good understanding of technology supporting IT security controls. Strong interest and understanding of the latest IT security trends. Extensive knowledge of IT security operations, design and deployment. Thorough understanding of ITIL to assist with driving excellence in service delivery.

Skills

Essential:

Highly developed communication skills to interact professionally with end users and persuade and influence others effectively at all levels (externally and internally). Negotiation skills to manage and interact with service providers. Interpersonal skills to network effectively, handle conflict, including sensitivity to diversity and confidentiality. Good critical, analytical, conceptual and creative thinking and problem-solving skills to spot trends, identify new technology developments, perform in-depth analysis of effectiveness of support. Numeric reasoning skills to draw logical conclusions from for numerical information. Ability to multi-task.

Personal Attributes

Essential:

Concern for working within parameters Passion for optimising business performance Commitment to behaving ethically and correctly Strong customer centricity Remain resilient under stress and pressure Focus on initiating action Concern for communicating clearly

Advantageous:


Focus on analysing and solving problems Preference for thinking practically and laterally Orientation to growing and nurturing relationships Strong inclination for change agility Preference for team working * Concern for aligning with best practiseents.