IT Security Specialist

Apr 12, 2022

Legal Requirements: S. A. citizen / permanent resident or valid work permit for S.A
Passed credit and criminal checks
Qualification: Tertiary qualification in Information Systems / Engineering (BSc IT, BCom IT)
Reports to: Group Cyber Security
Location: Hybrid (Centurion office & home office)
Experience: Minimum 6 years experience in core Information security domain.

General Purpose of the Position:
Managing the day-today operations and effectiveness of security-related programmes and initiatives, assesses the costs associated with potential threats and solutions required to eliminate or minimizing threats. Lead the service areas to provide assistance, advice, problem-solving, and technical information to internal and external customers regarding Information and Cyber security.

Core Skills and Experience:

  • General programming/software development concepts and software analytical skills.
  • Deep understanding and practical experience of IT Infrastructure and networks.
  • Deep understanding and practical experience around physical perimeter security.
  • Experience with hackers and hacking.
  • Experience in assessing and implementing security and risk standards including ISO 2700X, NIST, ITIL, COBIT
  • Systems security skills in assessment, design, architecture, management and reporting
  • Conduct Information Security Assessment against EY Methodology and leading practice frameworks and common standards.
  • Conduct attack and penetration on infrastructure, network, web application and source code review.
  • Minimum 6 years of experience in core Information security domain.
  • Must be proficient in the ISO 27001 and PCI DSS implementation
  • Must have knowledge on basics of cloud security
  • Experience in performing technical activities like VAPT, configuration reviews and technical exception handling.
  • Experience in cyber security incident management
  • Experience in dealing with clients
  • Experience in managing senior stakeholders and organization leadership teams
  • Experience in team handling

Key Responsibilities:

  • Define the contents of Policies and guidelines on security and risk
  • Creates the information security management system and supports its definition
  • Defines the operating procedures and rules on cybersecurity
  • Supports the definition of the guidelines for analysis of cybersecurity risks
  • Defines the security requirements for significant projects and initiatives
  • Defines and provides awareness programs
  • Defines activities relating to Access governance issues, in terms of management of request flows, mapping of authorizing roles, management of authorizations, recertification of users
  • Defines the Assessment program
  • Threat modelling, security architecture, authentication technologies
  • Security patch management review and implementation.
  • Supervises / Completes security tests of applications and systems
  • Supervises / conducts activities related to protection of data and applications and recording of activities
  • Supervises control of levels of protection and of compliance with cybersecurity rules
  • Supervises, identification, prevention and reaction to attacks of a cyber nature through analysis and control actions, via instruments and internal and external information sources
  • Conduct attack and penetration on infrastructure, network, web application and source code review.
  • Assist company and client in managing Business continuity and disaster recovery
  • Supervises activities related Assist clients in designing and implementing their identify and access management solutions
  • Assist company and client in managing information protection and data privacy.
  • Internal fraud prevention and e-crime
  • Guides and controls Cybersecurity operations of the defense units under the responsibility of other corporate functions (logical and physical security)
  • Carries out Cybersecurity activities for Group companies, with the aim of maintaining adequate protection levels and measures
  • Supervises management of cybersecurity incidents and those related to fraud
  • Supports operationally the management of internal fraud prevention and e-crime issues, collaborating, where provided for, with fraud management functions
  • Management of relations with the Authorities, Law Enforcement Agencies and other qualified bodies (e.g. CERT) on the issue of Cybersecurity
  • Manages internal fraud prevention and e-crime issues, collaborating, were provided for, with fraud management functions Manages relations with the Authorities, Law Enforcement Agencies and other qualified bodies (e.g. CERT) on the issue of Cybersecurity
  • Validates responses to calls for tender and coordinates bid management activities for the part within his/her competence
  • Assist IT and software factory teams with security requirements and measure the effectiveness of the implementation.
  • Plan, manage and run with external vendor and customer security audits
  • To be a focal point for all Client security projects.

The company may include or exclude any task that may be necessary in the interest of the company at its discretion in the spectrum of services and/or duties to be rendered by the Employee.

The mission and activities described in this job description are not an exhaustive list of the day-to-day responsibilities of the job holder and are subject to change. They may be modified or complemented to reflect the company developments.

Desired Skills:

  • IT Security
  • Information Security
  • Risk Management
  • Compliance Management
  • SOC
  • Security Operation Centre
  • Risk Management Methodologies
  • Compliance Management Methodologies
  • Security Management

Desired Work Experience:

  • 5 to 10 years

About The Employer:

Formed in South Africa over 20 years ago, specialising in major financial system infrastructure development. Key player in the Central Banking space with over 9000 employees in 60 offices globally.

Employer & Job Benefits:

  • Provident Fund
  • Medical Aid

Learn more/Apply for this position