Senior IT Security Specialist

Feb 3, 2023

SENIOR IT SECURITY SPECIALIST

LOCATION Illovo
POSITION TYPE Permanent
CLOSING DATE 15 February 2023
SALARY R750 000 CTC Per Annum (Max)

JOB PURPOSE To actively protect the organisations information technology assets and infrastructure from external or internal threats and ensuring compliance with statutory and regulatory requirements regarding information security and privacy. Also, to ensure security controls are implemented and managed across the organisation and to improve the overall security posture while maintaining the integrity of the Company brand.

QUALIFICATIONS
– A relevant diploma/degree in Information Communication Technology
– Relevant IT security certifications (CompTIA Security+, CISCO certified, Fortinet certified, CISSP, ITIL, COBIT, etc.)

EXPERIENCE
– More than 6 years of Information and Technology security experience with advanced knowledge of the following technology environments: DarktraceTechnology, Fortinet Firewalls Zscaler Technology, Mimecast, Crowd strike andfamiliarity with industry SIEM solutions.

JOB DUTIES /RESPONSIBILITIES
Cyber Security Program

  • Understand the Company’s strategy and the cybersecurity implications to enable digital trust within the Company’s operations and platforms.

  • Design, configure, deploy, and maintain security controls to safeguard the Company’s infrastructure.

  • Actively protect the organization’s information technology assets and infrastructure from external or internal threats and ensure compliance with statutory and regulatory requirements regarding information access, security,and privacy.

  • Analyse problems, and recommend solutions, products, and technologies to meet business security and information security objectives.
  • Perform security assessments for all systems and applications, and check for compliance with cybersecurity standards and regulations in projects and new systems design implementation.
  • Interpret the cybersecurity strategy and framework

  • Interpret cybersecurity maturity levels and implementation road maps

  • Lead the implementation of best practice network security controls across cloudenvironments (AWS and AZURE) and On-premises platforms to maintain resistance against [URL Removed] protection and encryption

  • Understand organizational information data flow and maintain an inventory of data to ensure sensitive information is identified and protected adequately.
  • Understand data classification framework and implement controls as per sensitivity levels.
  • Ensure protection of data with advanced data encryption, data masking, ortokenization, to protect data across applications, transactions, storage, and bigdata platforms, on endpoints, servers, databases, and cloud environments.
  • Develop or install software, such as data encryption programs for data at rest,in transit, and in use such as SSL certificates to protect sensitive information.

  • Develop best practices for Crypto Key Management across the organization and maintain safe and responsible use of cryptographic [URL Removed] web and Endpoint Security and monitoring

  • Build, maintain and upgrade security technology, such as firewalls, web application firewalls; network access controls; web security controls; end point security controls for the safe use of computer networks, and the transmissionand retrieval of information during business operations.

  • Maintain the malware and destructive activities policy rules across security platforms to ensure business continuity while security is maintained.
  • Coordinate monitoring of networks or systems for security breaches orintrusions across Cloud and On-premises platforms.
  • Ensure endpoint security controls have covered the whole of the Company’slandscape and remain effective in identifying and mitigating threats in line withthe in-depth layered defence [URL Removed] and vulnerability Management
  • Lead threat landscape assessment and situational Cyber-attack Vulnerability awareness through an understanding of the vulnerability Detection,Management management program.
  • Ensure vulnerability assessments and penetration tests are performed periodically.

  • Analyse and interpret vulnerability results and facilitate Protection, and Response Maturity levels remediation of identified vulnerabilities in conjunctionwith other IT departments, and business applications owners.

  • Provide reports to various forums on the vulnerability management program

  • Continuously scan the threat landscape to identify threats facing the Companyenvironment and provide proactive suggestions on [URL Removed] security

  • Support facilities with the implementation of physical security measuresdesigned to deny unauthorized access to Company premises.
  • Ensure robust and fit-for-purpose access controls, surveillance cameras, andintrusion systems.
  • Ensure advanced controls are in place for high-risk areas such as data centersand computer storage [URL Removed] recovery and business continuity
  • Support the development of disaster response and recovery strategies within the Company.
  • Ensure seamless transition between the Company and the disaster recovery site during security breaches or other business interruptions.
  • Troubleshoot security and network problems to maintain a fit-for-purpose DR site and business continuity – [URL Removed] response and third line support
  • Provide second-line support to users with any Information Security related queries within the SLA period.
  • Provide technical support to computer users for installation and use of security products.
  • Oversee and provide advanced support on open issues (e.g., customer logged tickets, incidents, projects, etc.)
  • Assist in incident response for any breaches, intrusions, or theft.
  • Coach and guide Service desk and IT support in their incident response regarding security, and appropriately escalating issues in line with the service management processes and [URL Removed] hoc
  • Continuously develop information security standards and best practices to respond to the changing environment.
  • Follow the Procurement processes to purchase and identify the right service providers for security services.
  • Oversee Third-party service delivery in line with defined service level agreements
  • Train and groom the upcoming junior IT staff.
  • Troubleshoot security and network problems
  • Write Security reports and performance of security controls using performance indicators.
  • Research identify and recommend improvement to capabilities and maturity ofthreat and vulnerability management strategy, policy, standards, processes,procedures, and tools to deliver value to the business.
  • Maintains system documentation and configuration data for security tools and processes for regulatory and audit purposes.
  • Assist in the development of procedures running the department.
  • Control the departmental budget ensuring expenditure remains within the set parameters.
  • ATTRIBUTES Knowledge
  • Cyber security controlling and monitoring
  • Cyber security tools & frameworks
  • Understanding the Company regulations, wordings and procedures
  • Good knowledge of Insurance-related regulations
  • Good knowledge of the Company’s product offeringTechnical skills:
  • Interpreting data
  • Managing relationships
  • Emotional resilience
  • Embracing change
  • Team working
  • Managing work
  • Driving results
  • Upholding standardsAttributes and Values:
  • Initiative-taking
  • Reliable
  • Deadline driven
  • Collaborator and Team player
  • Maintains high integrity and meets strict accuracy
  • Prominent level of communication at all levels
  • Analytical
  • Stress tolerance and flexibility
  • Trustworthy
  • Exercise judgment and decision making
  • Maintain confidentiality
  • Punctuality and good time management
  • The ability to work on various projects at once
  • Mindfulness

Desired Skills:

  • DarktraceTechnology Fortinet Firewalls Zscaler Technology Mimecast Crowd strike

Desired Work Experience:

  • More than 10 years

Desired Qualification Level:

  • Degree

Learn more/Apply for this position