- Responsible for designing, implementing and maintaining data protection capability across the company’s infrastructure, applications, mobile devices and network.
- Anticipate data security requirements and identify sound security controls for applications, systems and processes.
- Required to research and keep abreast of data breach attacks and threats in order to continuously protect the company against new types of attack.
- Take the lead during incident investigation to drive speedy resolution to minimise potential data leakage and financial loss to the company.
- Engages with key privacy, business and operational partners in managing the security of the company data and remediation of data breaches on the company’s network and its systems.
QUALIFICATIONS AND EXPERIENCE
- Minimum of 3 years tertiary qualification (degree/national diploma) in Information Technology/Engineering
- CISSP/CEH/CGEIT certification (one of)
- Business analysis/architecture qualifications
- Other qualifications (ITIL, TMF, COBIT) an advantage
- Minimum of 5+ years of relevant work experience in Information Security
- Experience in managing and implementing large scale security projects
- Advanced working understanding of the information and technology environment of a bank or telecom company
- Understanding emerging markets advantageous
- Worked across diverse cultures and geographies
- Strong knowledge of data protection software and hardware solutions, including transparent solutions [SQL, Oracle TDE]
- Knowledge of data security mechanisms with an understanding of cryptographic techniques and protocols. This can include symmetric and asymmetric encryption algorithms [AES, RSA], hashing algorithms [SHA/HMAC] and data in transit protection protocols [TLS/IPSec].
- Knowledge of data security standards
- Experience implementing solutions beyond analysis/assessment that meet requisite compliance.
- Experience in a technical customer-facing consulting or advisory role.
- Experience implementing data security solutions for applications [Java, .net, web services] and databases [Oracle, MS-SQL].
- Basic knowledge of DLP solutions
- Fluent in English and overall business acumen
- Ability to express complex technical security control concepts passionately and effectively
- Ability to work well with people from different disciplines and countries with varying degrees of technical experience.
- Ability to communicate effectively when dealing with business customers and suppliers.
- Knowledge of national and international regulatory compliances and frameworks such as NIST-CSF, ISO-27000, POPI, GDPR, PCI, etc.
POSITION OUTPUTS
- Lead and implement business processes and policies related to controlling access to data, protection strategies, architectures and implementation plans in alignment to Group Policy and Reference Architecture.
- Develop and implement a data protection governance framework to manage data use, at rest and in motion, taking into account both structured and unstructured data.
- Work closely with Privacy, Legal, Compliance and IT functions to develop and monitor policies and standards applicable to the business and in compliance with applicable data protection regulations. Ensure potential and real incidents of data leakage are resolved.
- Provide security guidance and review on business and technology solutions, model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack the company systems.
- Implement policies and standards to protect data, applications, and the associated infrastructure that reside in a public cloud
- Implement comprehensive Data Loss Prevention (DLP) solutions for all potential leaking/loss channels, including but not limited to email, web, cloud, printing, clipboard, screen capture, file-sharing applications as well as removable storage devices.
- Implement DLP policies for Office 365: OneDrive, Exchange Online and SharePoint and integration with other platforms
- Configure and implement Mobile Application/Device management policies
- Define local Opco security policies and standards for database protection
- Implement information security controls to protect databases and stored data
- Demonstrate architectures, methods and controls required to meet stringent compliance and audit requirements
- Architect, engineer and support data security solutions from pre-deployment through deployment and post
- Review plans to safeguard sensitive data against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs
- Proactively assess DLP safeguards across the DLP tool suite to identify potential risks and perform trend analysis
- Provide technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.
- Administer and support data protection solutions, creating and implementing DLP rules that trigger on specific conditions relating to data attributes or data class.
- Create regular expression rules that work against a wide range of on-premises and cloud-based solutions
- Assist in identifying, assessing, and recommending security software, processes, and services to Senior Management based on business plans and security gaps, as appropriate.
- Recognize and identify potential areas where existing data security policies, procedures, and controls require change, or where new ones need to be developed.
- Maintain an awareness of industry trends and emerging risks and propose a relevant company response.
- Provide support to manage critical issues that may affect customers, including determining short-term solutions.
- Complete status and statistical reports in assigned area as required
- Work with key internal stakeholders in the review of projects, related data, and agreements to ensure data security is maintained
- Participate in relevant data governance and POPI committees and provide security inputs
- Review vendor contracts (including Model Clauses) needed to implement projects in partnership with the organization’s Procurement and Privacy functions
- Serve as the primary contact and liaison for all data protection related matters
- Other duties as assigned.
Desired Skills:
- Data protection and implementation
- Cyber security knowledge
- Regulatory controls
- Data security
Desired Work Experience:
- 5 to 10 years
Desired Qualification Level:
- Diploma