Enterprise Cloud Services:
Job Title – Senior Security Specialist
- Act as the senior technical escalation point for the Infrastructure security team
- Act as Information Security Manager for the Business Unit
- Maintain ISO27001 Certification, including the management and ownership of the Information Security Management System (ISMS)
- Assist with Infrastructure Security Architecture for internal and product design
- Act as Risk Champion for ECS Business Unit (BU)
Formal Qualifications
- BSc (Computer Science/Information Systems Security) or equivalent experience
- Recognised ISO-27001 Auditor Qualification (ISO-27001 Lead Auditor/Implementer Certificate)
- Recognised / professional information security qualification (CISSP/CISA/CISM) – advantageous
- Fortinet NSE certifications (NSE 4+) advantageous
Knowledge & Experience
- 10+ years working experience in information/cyber security.
- Knowledge of IT Security and Risk Management frameworks, policies, standards and technologies – ISO-[Phone Number Removed];
- Good understanding of Infrastructure Security controls and how to monitor and measure effectiveness.
- The ability to define problems, collect data, establish facts and draw valid conclusions
- Knowledge of Malware Management, Vulnerability and Patch Management, Identity and Access Management processes and controls, Global Threats understanding, Virtual server protection, Database security, IPS solutions, Desktop Security and EDR
- System and network exploitation, attack pathologies and intrusion techniques (such as denial of service, SYN attacks, malicious code, password cracking, etc.).
- Technical understanding/skill set in Linux, Windows (including scripting).
- Good computer skills in Microsoft Word and Excel are essential
- Strong knowledge of IT Security Standards and Best Practices.
- Knowledge and experience with Fortinet FortiGate and related products
Key Responsibilities
- Primary responsibility for management and implementation of information and data security policies and procedures in accordance with externally verified ISO-[Phone Number Removed]; requirements and other third party accreditation schemes.
- To oversee the effective maintenance of the Information Security Management System in accordance with the requirements of ISO-[Phone Number Removed]; including possible expansion of the scope of certification
- To ensure policies, processes and procedures are aligned with Global Group best practice and kept up to date
- Organisation and liaison with external accreditation bodies to manage certification schemes, recertification and periodic audit programmes for ISO-27001 & other applicable industry standards in relation to information / data security
- Maintain risk register in relation to information security
- Maintain (in liaison with the Legal Department) a legislation register in relation to information security
- To manage and chair Information ISMS Security Steering and Forum Group meetings
- Engage with various information / data owners on matters of security and compliance and influencing improvement where required
- Ensuring completion of internal and external audits to verify ongoing compliance
- Supporting business to incorporate information security requirements within the annual audit programme
- To monitor compliance to information and data security requirements and notify senior management of potential deviations, areas of vulnerability or non-compliance
- Assist with the scoping and scheduling of penetration testing (where required) to help determine potential flaws / threats
- Educating and mentoring colleagues on information security and best practice
- Maintaining up to date knowledge of developments in security standards, threats and best practice
- Liaison with Supply Chain Management teams to ensure information security requirements are appropriately implemented within the supply chain
- Reporting on performance and the continual development of the Information Security Management System
- Liaison with Business Unit representatives on matters of information security
- Driving information security management strategy and continual improvement objectives
- Presentation and delivery of information security management system data and related performance data when required
- Manage, maintain and test the information security aspects of the Business Continuity Plan in conjunction with Department Executive Head
- Support the business on an ad-hoc basis for tenders and proposals submissions.
- Participate in the Technical Product Engineering process for development of new/updated security products in the BU
Key Skills
- Ability to identify patterns, and analyse and improve processes (business analysis)
- Excellent communication skills, both written and verbal
- Aptitude for learning new methods, techniques and tools
- Be able to demonstrate learning agility to new and emerging cyber threats
- Ability to meet deadlines & consistently produce high quality work
- Proven initiative in providing guidance to junior team members
- Decision maker that takes accountability
- Can take on manager responsibility where required under pressurised circumstances
- Able to prioritise and delegate
- Multi-tasking
- Exceptional sense of confidentiality and ethics
- Outstanding Leadership with the ability to lead working groups, awareness sessions and training.
- Natural ability to demonstrate diplomacy and pedagogy
- Ability to organize and lead change
Desired Skills:
- ISO27001
- Cybersecurity
- ISO 9001
- Malware Analysis
- Vulnerability Management
- Fortinet
- Fortigate
- Penetration Testing Tool
- Information Security Management System
- Security Operations
- CISSP
- CISM
- CISA
About The Employer:
- Driven by success
- Team Centric
- Customer focussed
- Top Employer
Employer & Job Benefits:
- Medical Aid
- Pension