MAIN PURPOSE OF ROLE:
To design and implement security measures and controls to ensure continuous monitoring and protection of software, networks, infrastructure and systems.
TECHNICAL COMPETENCY REQUIREMENTS:
- Deep expertise of networks, infrastructure, and cyber security monitoring tools
- Understanding of CSOC – Cyber Security Operations Centre
- Understanding of Service Level Agreements
- Some knowledge of Cobit and /or ITIL
- A sound understanding of IT Service Operations
REQUIRED MINIMUM EDUCATION/TRAINING:
- B degree in related discipline
- Relevant IT Security certification or equivalent
REQUIRED MINIMUM WORK EXPERIENCE:
- At least 6 years’ experience in IT, of which a minimum of 3 years must be in a security analyst role.
- Good knowledge of Cyber Security and related applications and tools
KEY RESULT AREA:
ENGAGE IN INCIDENT MANAGEMENT
- Resolve all allocated security related incidents – either personally (1st line) or by overseeing service providers (2nd line) in accordance with SLA agreements, standards and procedures
- Review incident trends and incident history, and consolidate for problem management purposes.
MANAGE ICT ASSETS:
- Develop and maintain the company asset lifecycle
- Periodically refresh and rotate IT assets, as and when they have reached end of life as per policy and
- Identify and record assets that are reaching their end of life or are becoming uneconomical to maintain.
- Execute and/or or oversee infrastructure maintenance in a manner which takes the life of the asset into
- Assist in the review of requests for new ICT infrastructure.
IT SERVICE DELIVERY:
- Resolve all but the most complex infrastructure incidents against agreed SLAs; escalate incidents as and when necessary.
- Work alongside 2nd line infrastructure support suppliers, to ensure that customer support and the company service requirements are met.
- Manage personal performance and the performance of and service providers and implement actions to improve service delivery.
DESIGNS AND IMPLEMENTS QUALITY SECURITY SOLUTIONS:
- Design and develop security solutions and platforms including, Defence, Audit, Monitoring and Detection, making decisions regarding insourcing and outsourcing mix to ensure company retains a core capability in this area
- Monitors and tracks the remediation of application security vulnerabilities and
- Support the IT Support SME’s to remediate application and technology security vulnerabilities and risks.
- Assesses the impact of an application going live with residual risks/vulnerabilities and guides the stakeholders
- Facilitating and brokering the negotiations with key stakeholders on the level of tolerable risk vs business
- Ongoing management, monitoring and maintenance of IT security policies and the adherence
- Implement activities that ensure network integrity, including but not limited to backups, anti-virus, patch deployment and email size integrity.
IT SECURITY GOVERNANCE:
- Enforce a secure IT environment and ensuring compliance with local and international laws, regulations and
- Monitor and manage the overall security posture using appropriate tools and technologies
- Implement and drive security awareness and training program for internal and external stakeholders
- Provide security during development stages of software systems, networks and data centres
- Ensure and improve the company’s IT Security and regulatory compliance and governance
OUTCOMES:
- Incidents are managed within given SLA, standards and procedures and accurately documented for reporting and risk mitigation purposes
- Detailed and accurate asset lifecycle roster available for reporting and asset review
- Service delivery is managed within the guidelines of agreed SLA’s
- Implemented security solutions succeeds in remediating application and technology security vulnerabilities and risks.
- Successful collaboration with business to balance business benefit and level of risk.
- Increased security awareness and education
- Managed and improved IT security governance and compliance
Desired Skills:
- Understanding Service Legal Agreements
- Some knowledge Cobit
- Understanding of CSOC