Information Security Management
– Document and maintain application security policies & processes.
– Give input and/or evaluate development specifications to ensure compliance with information security policies and standards.
– Identify and/or log mitigation instructions for information security risks and/or vulnerabilities.
– Identify and/or log mitigation instructions for Security baseline non-compliance instances.
– Log mitigation instructions to resolve information security related audit findings.
– Test security-related deployments across the various development environments and production.
Logical access
– Create and maintain security groups/profiles on the various applications
– Create new and add/remove/change users/user accounts to the various applications
– Implement and maintain effective reporting for user management on the various applications
Audit controls & support
– Ensure that controls/reports to monitor compliance with security policies and standards are executed.
– Maintain records of completing these controls for input to the audit process(es)
– Collect and submit data to the various audit processes.
– Handle requests for additional information from the auditor(s)
– Facilitate requests from auditors who require input from third parties (GTI, BCX, MIP, etc.)
– Assist management to report on the progress of mitigation actions on previous findings.
Business support
– Support projects and release teams during deployments
– Assist SEB IT Operational Support with security related business issues
– Facilitate Active Directory related issues for users and computers
– Facilitate file share/NTFS access requests
– Facilitate Linux and Samba Share access and support
– Facilitate firewall rule change requests.
– Assist the Disaster Recovery coordinator during exercises with security related issues.
What will make you successful in this role?
– Good understanding of the SEB business environment
– Good interpersonal and negotiation skills
– End-to-end ownership of tasks and responsibilities (to ensure timeous delivery of tasks of an agreed quality)
Qualification & experience
– Grade 12 with Mathematics
– Preferably a post matric qualification in Information Technology (Computer studies, Security+, etc.)
– ISO27001 and CISSP will be beneficial
Knowledge and skills
– 5 Years working experience in an Information Security function
– 3 Years working experience on Active Directory and Linux (including Samba) security configuration.
– 1 Year business analysis exposure.
– 1 Year involvement with planning and execution of the change management process.
Personal qualities
– Team player
– Self-motivating/self-driven – focused on delivering results
– Detail orientated