Research & Development Business Unit has a vacancy for an Information Security Specialist – Governance. Applications are invited from people meeting the qualifications and experience requirements set out below.
PURPOSE OF THE JOB:
The role of the Information Security Specialist – Governance is to effectively protect Armscor’s information and other digital assets against security threats and ensure confidentiality, integrity, availability, and non-repudiation of such assets.
CRITICAL PERFORMANCE AREAS:
An Information Security Specialist – Governance supports the Senior Manager (SM): Cybersecurity Governance Division (CGD) in order to:
- Support in ensuring and maintaining a clean audit position of the cybersecurity governance division
- Maintain a clean audit position of the Information Security Specialist role and performance
- Review, audit, test system architecture for compliance with security frameworks, best practices, and/or regulatory requirements
- Review current system security posture and provide recommendations for improvements, conduct regular system tests, and ensure continuous monitoring of network security
- Participate in network and security audits
- Lead and be responsible for information security awareness and related processes
- Support the maintenance of governance documentation that includes cybersecurity policy, information security policy, Information Security Management System (ISMS), practices and procedures in accordance with international organisation for standardisation (ISO) 27001 and other relevant information security standards
- Identify and evaluate security tools and techniques to capture, model, and analyse security architecture options
- Proactively engage and consult with all the cybersecurity divisions to ensure that all Armscor’s applications, platforms, and technology are designed and implemented securely and conform to policies, procedures, practices, and standards of Armscor
- Participate and contribute to deploy cybersecurity solutions in alignment with architectural principles, security protection, business requirements, and required functionality
- Participate in various Armscor technology forums for the deployment of secure technologies
- Participate in maintaining internal security controls, incident response process and conduct investigations as and when necessary and submit the report with recommendations
- Contribute to the development and maintenance of the information systems risk assessment process
- Stay abreast of the latest developments in Information Security Specialist – Governance and risk management, recommend improvement initiatives to the organisation
- Perform risk assessments of ICT infrastructure and applications and make recommendations for improvements
- Assist in development of plans to safeguard computer files against accidental or unauthorised modification, destruction, or disclosure and to meet emergency data processing needs
- Configure and deploy automated security tools that constantly monitor Armscor network and systems for suspicious behaviour, threats, attacks, and intrusions
- Work with Cybersecurity Analysts, Cybersecurity Specialists and Cybersecurity Engineers to close potential threats testing security strategies and defences
- Assist in the development and maintenance of system security plans
- Research and characterise security threats including defining appropriate countermeasures and conduct threat modelling exercises
QUALIFICATIONS:
- National Diploma (ND): Information Technology (IT) or related fields. The Candidate should hold an undergraduate qualification, national qualification framework (NQF) level 6 as recognised by South African Qualifications Authority (SAQA).
TECHNICAL / LEGAL CERITIFICATION / PROFESSIONAL REGISTRATION
- Relevant security or cybersecurity certification would be an advantage.
EXPERIENCE:
- At least 3 years post qualification experience
- Analytical skills
- Cybersecurity, computer forensics and digital forensics skills
- Extensive experience in the information and communication technology (ICT) environment
- Experience implementing security applications including installation, configuration, automation of processes and monitoring
- A proven record of dealing with complex projects and meeting conflicting demands
- Demonstrated ability to contribute to strategic and visionary overall business leadership
KNOWLEDGE & FUNCTIONAL SKILLS:
- Operations management
- Business analysis
- Business development
- Business process excellence
- Business management and administration
- Disciplined agile delivery
- Agile methodology
- Service oriented architecture (SOA) and micro-services architecture principles
- Policy writing
- Project management
- Change management
- Business process analysis
- Working knowledge and experience of the information security standards
- Knowledge of information security principles and practices, including, security risk assessment standards, risk assessment methodologies, and vulnerability assessment
- Knowledge of network security
- ICT portfolio management
- Infrastructure lifecycle management
- Knowledge of routing and switching methodologies
- Knowledge of server technologies
- Knowledge of directory services
Desired Skills:
- Lead and Supervise
- Data Management
- Computer Literacy
- Detail Focused
- Excellent Time Management