Information Security Analyst (GRC) at The Foschini Group – Western Cape Parow

Position Description:

We’re looking for a Governance, Risk & Compliance Security Analyst (GRC Security Analyst) to be part of our Information Security team. If you have sound experience in GRC for large-scale organisations, then you should consider applying for this role.

With a robust strategy focusing on People, Process and Technology, we believe that our culture and the quality of our people are our greatest strengths. As such, we need to employ top talent to support our key business functions.

TFG’s IT division provides innovative, strategic and cost-effective ICT solutions and professional services to TFG and its subsidiaries. Working for TFG means working with highly talented professional individuals who are passionate about collaboration, creativity and working towards successful customer service.

The Key Performance Areas of this role will be as follows:

Risk Management:

Manage and coordinate 3rd party risk management (TPRM) assessments

Engage with BU/Functional Heads re TPRM within their departments

Conduct vendor reviews and measure TPRM engagement, including vendor/supply chain maturity

Update and manage the TPRM dashboard regarding goals vs achievements

Socialise the TPRM framework with all the required stakeholders

Contract reviews and input into Cyber Security related risk clauses

Engagement with Group Assurance and relevant stakeholders

Audit Management:

Liaise with internal and external auditors and Infotec key stakeholders

Drive the resolution of audit findings and provide regular updates and reports to the relevant stakeholders

Engage and manage PCI audits with all stakeholders

Engage directly with the CyberSecurity team to manage open audit findings

Policy Management:

Update all CyberSecurity policies where required throughout the year, and within timeframes for relevant TFG-held certificates

Update and manage a regular Policy dashboard regarding reviews/modifications undertaken

Socialise the CyberSecurity policies within TFG

Compliance Management:

Regularly monitor, manage and report on the PCI-DSS compliance status

Regularly monitor, manage and report on the POPIA compliance status

Engage with legal and legal compliance

Cyber Security Awareness:

Update and maintain the security awareness program

Review and update security awareness content

Requirements:

Relevant 3-year tertiary qualification

Information Security certification(s) such as Security+, CyberSecurity Analyst, CRISC, CISSP, SC-900, SC-300 and ISO27000 set of standards

Minimum of 3 years’ IT experience and at least 2 years’ experience as an Information Security Analyst.

Experience with data privacy (POPIA and/or GDPR) is required

Experience in driving PCI-DSS compliance and recertification

Understanding and leveraging off mainstream Risk Management frameworks

Understanding of IT Disaster Recovery

Strong communication skills, both written and verbal

Strong analytical skills

Good interpersonal skills

Coping within a high-pressured environment

Ideally you should be skilled in:

Working with Risk Management tools

Cloud exposure like Azure, AWS, Google

Project Management and/or coordination capabilities

2-3 years’ Compliance Management experience (POPIA, PCI, GDPR)

2-3 years’ experience working with Cybersecurity technologies

1-3 years’ experience in conducting risk assessments.

Competencies and behaviours for success:

Strong conflict management skills

Excellent written communication, presentation and negotiation skills

A focus on delivering results and meeting customer expectations

Sound judgement, decision-making, and problem-solving skills

High resilience and agility with the ability to work well under pressure and deliver in a fast-paced environment

High emotional intelligence and experience in leading diverse teams and individuals

