Job Description

Dis-Chem Pharmacies requires a Senior IT Security Engineer at our Head Office in Midrand. To support day-to-day data security operations including patch management, red team exercises, remediation of cyber security incidents, implementation of Cyber Security Road map tasks and to support and maintain a broad suite of information security infrastructure.

Minimum Requirements:

Essential:

• Grade 12 / Matric
• Minimum 7 Years IT Experience
• Minimum of 5 years of experience in information security and compliance frameworks.
• Degree in Computer Science/Engineering OR IT Degree
• Information Security certification (s) such as Security+, Cyber Security Analyst, CRISC, CISSP or CISA.
• Needs to understand Security Framework
• Experience with NIST Cybersecurity Framework
• Experience with Data Protection and Privacy (POPI and GDPR)
• PCI (Payment Card Industry-Data Security Standard) Compliance
• Technical experience in Network Security and Ethical hacking experience
• Penetration testing experience and Vulnerability Management
• Technical experience in overall Security Tools (e.g., Firewall, IDS, etc.)
• Content filtering and Incident Response Management
• Patch Management and Assist with creation, implementation and maintenance of compliance and security policies

Job Specification:

• Architects, designs, implements, maintains and operates information system security controls and countermeasures.
• Implement new security systems/platforms as per the Cyber Security Roadmap.
• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
• Administers authentication and access controls, including the creation, modification, and deactivation of user and system accounts, security/access roles, and information asset access rights.
• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
• Perform patch management of endpoints and servers to ensure highest level of security on all critical systems.
• Conduct red team exercises and remediation on mission-critical systems.
• Review, understand and correlate data from multiple sources, not limited to user authentication events, windows security event logs, intrusion detections alerts, proxy logs and firewall events.
• Assist with the documentation of security policies as well as promote activities and procedures to create a general awareness about the significance of security within the organization.
• Assist with the maintenance of information security policies and procedures and to ensure that the security strategies are being followed, to meet the organizational security goals and standards.
• Perform Payment Card Industry(PCI) compliance and IT General Controls (ITGC) related tasks as directed.
• Assist with the monitoring of internet access utilized by employees within the Group.
• Assist with the identification, investigation and resolution of security breaches.
• Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
• Manage configuration and change control records with regards to IT security system activities.
• Engage management on users that default their Cyber Security Awareness Training to ensure compliance.
• Liaise with stakeholders to perform root cause analysis and trend analysis of security threats.
• Perform various administrative duties related to information security.
• Keep accurate record of all hard copy documents, related to the department in a logical filing system.
• Adhere to Dis-Chem Policies and Standard Operating Procedures.
• Adhere to Health and Safety rules and regulations.

Competencies

Essential:

• Knowledge of common information security management frameworks, such as ISO/IEC. 27001 and NIST. Understanding of Security principles such as Confidentiality, Integrity and Availability. Experience with data privacy (POPIA and/or GDPR) is required. Experience in driving PCI-DSS compliance and recertification.
• Makes timely, informed decisions that take into account the facts, goals, constraints, and risks. Having or showing interest in learning things and being curious. The ability to comprehend, to understand and profit from experience.
• Communicating in a confident and forceful manner in order to achieve the required goal without being aggressive.
• Addresses customer questions in a timely manner. Ensures products and services comply with customer requirements.
• Diligently attends to details and pursues quality in accomplishing tasks.
• Deadline orientated and good time management skills.
• Be able to work under pressure
• English - Read, write and speak well
• Trustworthy and Honest
• Be self-motivated and deadline driven
• Be able to motivate, lead and inspire others
• Computer Skills - Microsoft Office: Word, Excel, PowerPoint and Outlook
• Technical experience with Kali Linux and other penetration testing tools required. Technical knowledge of Network Security (e.g. SSL, HTTP, DNS, SMTP, IPSec), and encryption techniques.
• Technical experience on firewall and IDS/IPS technologies. Technical troubleshooting skills, i.e. both for security and network administration.
• Technical experience with Microsoft Windows Active Directory. Intermediate virus protection and content filtering technical experience. Investigation and remediation of security incidents, i.e. understanding of associated processes and reporting.
• Experience with vulnerability scanning tools, including web application vulnerability scanning tools. Strong process oriented individual with understanding of ITIL concepts.

Special conditions of employment:

• Occasional Travel.
• South African Citizen
• MIE, clear criminal and credit
• Driver's license and/or own reliable transport

Remuneration and benefits:

• Market-related salary
• Medical aid
• Provident fund
• Staff account

ONLY SUCCESSFUL APPLICANTS WILL BE CONTACTED. IF YOU HAVEN`T BEEN CONTACTED WITHIN TWO WEEKS AFTER THE CLOSING DATE CONSIDER YOUR APPLICATION AS UNSUCCESSFUL.

Dis-Chem Pharmacies is an equal opportunity employer. Dis-Chem's approved Employment Equity Plan and targets will be considered as part of the recruitment process aligned to Dis-Chem's Employment Equity & Transformation Strategy. Dis-Chem actively supports the recruitment of People with Disabilities.

Dis-Chem Pharmacies