Senior Security Specialist

Aug 12, 2022

Enterprise Cloud Services:

Job Title – Senior Security Specialist

  • Act as the senior technical escalation point for the Infrastructure security team
  • Act as Information Security Manager for the Business Unit
  • Maintain ISO27001 Certification, including the management and ownership of the Information Security Management System (ISMS)
  • Assist with Infrastructure Security Architecture for internal and product design
  • Act as Risk Champion for ECS Business Unit (BU)

Formal Qualifications

  • BSc (Computer Science/Information Systems Security) or equivalent experience
  • Recognised ISO-27001 Auditor Qualification (ISO-27001 Lead Auditor/Implementer Certificate)
  • Recognised / professional information security qualification (CISSP/CISA/CISM) – advantageous
  • Fortinet NSE certifications (NSE 4+) advantageous

Knowledge & Experience

  • 10+ years working experience in information/cyber security.
  • Knowledge of IT Security and Risk Management frameworks, policies, standards and technologies – ISO-[Phone Number Removed];
  • Good understanding of Infrastructure Security controls and how to monitor and measure effectiveness.
  • The ability to define problems, collect data, establish facts and draw valid conclusions
  • Knowledge of Malware Management, Vulnerability and Patch Management, Identity and Access Management processes and controls, Global Threats understanding, Virtual server protection, Database security, IPS solutions, Desktop Security and EDR
  • System and network exploitation, attack pathologies and intrusion techniques (such as denial of service, SYN attacks, malicious code, password cracking, etc.).
  • Technical understanding/skill set in Linux, Windows (including scripting).
  • Good computer skills in Microsoft Word and Excel are essential
  • Strong knowledge of IT Security Standards and Best Practices.
  • Knowledge and experience with Fortinet FortiGate and related products

Key Responsibilities

  • Primary responsibility for management and implementation of information and data security policies and procedures in accordance with externally verified ISO-[Phone Number Removed]; requirements and other third party accreditation schemes.
  • To oversee the effectiveness and maintenance of the Information Security Management System in accordance with the requirements of ISO-[Phone Number Removed]; including possible expansion of the scope of certification
  • To ensure policies, processes and procedures are aligned with Global Group best practice and kept up to date
  • Organisation and liaison with external accreditation bodies to manage certification schemes, recertification and periodic audit programmes for ISO-27001 & other applicable industry standards in relation to information / data security
  • Maintain risk register in relation to information security
  • Maintain (in liaison with the Legal Department) a legislation register in relation to information security
  • To manage and chair Information ISMS Security Steering and Forum Group meetings
  • Engage with various information / data owners on matters of security and compliance and influencing improvement where required
  • Ensuring completion of internal and external audits to verify ongoing compliance
  • Supporting business to incorporate information security requirements within the annual audit programme
  • To monitor compliance to information and data security requirements and notify senior management of potential deviations, areas of vulnerability or non-compliance
  • Assist with the scoping and scheduling of penetration testing (where required) to help determine potential flaws / threats
  • Educating and mentoring colleagues on information security and best practice
  • Maintaining up to date knowledge of developments in security standards, threats and best practice
  • Liaison with Supply Chain Management teams to ensure information security requirements are appropriately implemented within the supply chain
  • Reporting on performance and the continual development of the Information Security Management System
  • Liaison with Business Unit representatives on matters of information security
  • Driving information security management strategy and continual improvement objectives
  • Presentation and delivery of information security management system data and related performance data when required
  • Manage, maintain and test the information security aspects of the Business Continuity Plan in conjunction with Department Executive Head
  • Support the business on an ad-hoc basis for tenders and proposals submissions.
  • Participate in the Technical Product Engineering process for development of new/updated security products in the BU

Key Skills

  • Ability to identify patterns, and analyse and improve processes (business analysis)
  • Excellent communication skills, both written and verbal
  • Aptitude for learning new methods, techniques and tools
  • Be able to demonstrate learning agility to new and emerging cyber threats
  • Ability to meet deadlines & consistently produce high quality work
  • Proven initiatives in providing guidance to junior team members
  • Decision maker that takes accountability
  • Can take on manager responsibility where required under pressurised circumstances
  • Able to prioritise and delegate
  • Multi-tasking
  • Exceptional sense of confidentiality and ethics
  • Outstanding Leadership with the ability to lead working groups, awareness sessions and training.
  • Natural ability to demonstrate diplomacy and pedagogy
  • Ability to organize and lead change

Desired Skills:

  • ISO27001
  • Cybersecurity
  • ISO 9001
  • Malware Analysis
  • Vulnerability Management
  • Fortinet
  • Fortigate
  • Penetration Testing Tool
  • Information Security Management System
  • Security Operations
  • CISSP
  • CISM
  • CISA

About The Employer:

– Driven by success
– Team Centric
– Customer focussed
– Top Employer

Employer & Job Benefits:

  • Medical Aid
  • Pension

