Digital Strategist

Date: 2020-09-07

POSITION OVERVIEW:

The Digital Risk Analyst has strong technical skills in a wide range of ICT domains and reports to the Senior Manager: Digital Risk as a member of the GRC Team. This position will be required to perform second-line control and risk functions related to Information Security, Cyber Security and Digital Forensics in the areas of Information Security Governance; Human Resource Security; Physical and Environmental Security; Supplier Relationships; Information Security Incident Management; Operations Security and Communications Security.

RESPONSIBILITIES:

– Providing technical information, cyber and digital forensics support to other GRC units including Internal Audit, Forensics, Legal and Compliance.

– Implementing and performing second-line information, cyber and forensics related controls.

– Fulfilling, logging, managing and escalating incidents, participating in problem and change management processes related to information, cyber and digital forensics risk.

– Deployment and management of Digital Risk solutions and systems including applications and infrastructure.

– Participate in projects to ensure that information, cyber and forensics risk is factored into the evaluation, selection, design, deployment and maintenance of systems.

– Reporting on the status of controls, incidents, projects and compliance.

– Researching, assessing and recommending systems and configuration standards and requirements for securing systems.

– Internal and external security related audits, digital forensic recovery and investigation, threat modelling, penetration testing, security scanning and testing configuration baselines.

– Implementing and successfully completing second-line controls tests.

– Following approved processes in fulfilling and tracking of GRC requests, incidents, updates, resolution and reporting.

– Provide accurate and on-time input to management reports on agreed metrics, provide evidence as required, and advise or report on recommended actions.

– Ensure that Digital Risk infrastructure and systems are available, configured, capacitated and managed as required.

– Providing input and evidence as required and advising or reporting on recommended actions aligned to OEM recommendations, industry standards and frameworks and internal policy.

– Reading, interpreting and applying technical data manuals and related documents.

– Keep abreast of emerging security technologies, software and methodologies.

– Researching and providing technical and budgetary information for proposed digital risk solutions and providing input for RFQs and RFPs.

– Share system and industry knowledge with staff and capacitate team members so that they can operate in a relevant and effective manner.

– Effective time management: prioritizing requests and organizing, scheduling and co-ordinating tasks and projects.

QUALIFICATIONS & EXPERIENCE

– An NQF level 7 qualification, preferably a Bachelor’s Degree in Information Systems or related.

– Certified in ISO/IEC 27001

– CISSP/CISA/CISO certified or similar

– Other relevant certifications, RESILIA/COBIT/ITIL or similar

– Digital Forensics and Readiness, recovery and investigation. (EnCase, Autopsy, Tableau)

EXPERIENCE:

– Minimum 7 years of experience in ICT or information security.

– Strong technical background in multiple ICT Domains (preferred – digital forensics, security and compliance, cyber security)

– Experience with Office 365 security, compliance and auditing.

– Experience with penetration testing tools and vulnerability scanners, Nessus, Arachni, FOCA, etc. (KALI, Maltego, Burp Suite, Arachni, OWASP)

– Experience with infrastructure and application monitoring and management tools and software.

– Security Information and Event Management solutions, vulnerability scanning and penetration testing and enhancing web application and network security. (Nessus, Checkmarx SAST).

– Experience with SIEM solutions (AlienVault, etc.)

– Experience with security infrastructure, firewalls, Web Proxies, WAF, IPS, etc. (preferred – Cisco ASA and FortiGate)

– Experience with networking technologies, LAN, WAN, DMZ, etc. (preferred – Cisco and HP)

– Experience with web application and security technologies (preferred – F5, Barracuda, URL policies and security, Cookie Security, SQLi, XSS, LFI, RFI, DDOS)

– Experience with server and infrastructure services, MS Windows Server, Exchange, Active Directory, etc.

– Experience with server virtualization (preferred – VMware)

SPECIAL REQUIREMENTS:

– Driver’s license with own transport.

– Strong MS Office skills.

– Working after hours as required.

