Date: 2023-07-07
Requirements
This position will be accountable for:
- Continuously learn about potential improvements to the security framework, methodology, standards, and system of internal controls
- Gather and evaluate information, including to support Auditors, Regulators, and compliance partners
- Perform tests to evaluate the design and effectiveness of key controls as necessary for compliance
- Identification of control deficiencies in the design and operating effectiveness of information security controls
- Participating in the establishment and implementation of information security audit and assurance planning and scheduling
- Evaluation of compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information
- Implementing and maintaining governance, risk and compliance (GRC) processes
- Performing security and compliance assessments on new and existing systems, processes, technology
- Attending disaster recovery and business continuity planning sessions to understand integration with information security governance, risk and compliance elements
- Performing analysis and documentation of assigned business and technical processes
- Conducting formal information security risk analyses, reviews, tests, audits and/or self-assessments
- Working with relevant stakeholders to close out on audit findings and identified risks
- Participating in IT controls and compliance testing activities and/or audits
- Performing technical configuration of industry leading GRC tools through skills acquired on-the-job and specialist course offerings
- Ensure cyber security policies and procedures are communicated to all personnel and that compliance is enforced
- Supporting operation and administration of systems for information security and IT
- Reporting on information security risks as and when required
Knowledge, skills and attributes:
- Sound knowledge of information security risk management frameworks and compliance practices
- Knowledge of securing network technologies, client, and server operating systems
- Knowledge of security standards and guidelines based on best practices and industry standards
- Interpersonal, communication, and presentation skills, including formal report writing skills
- Understanding of common security standards and regulations, as well as cybersecurity frameworks (e.g., ISO2700x, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX, etc.)
- Ability to manage and prioritize tasks and activities
- Ability to quickly learn and work with technologies related to governance, risk, and compliance
- Proficiency with Microsoft Office (e.g., Outlook, Word, Excel, PowerPoint, etc.)
- Able to consistently deliver quality work products
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
- Ability to work under pressure while maintaining a professional image and approach
Education and training:
- Bachelor’s degree in Computer Science, Information Technology or a related field, and/or equivalent
- Information security related training or certifications such as CISSP, CISM, CISA or CRISC
Experience:
- At least 5-6 years’ experience in a similar position (IT security, risk management or GRC), progressing through other career levels
- Experience of dealing with relevant stakeholders, managing expectations in the pursuit of improved information security
- Working experience as a business analyst or a keen interest in business operations
- Experience with common industry guidelines (such as CIS)
Desired Skills:
- ISO2700X
- CISM
- CISSP
- Information security
- Data loss prevention
- Security controls
- COBIT
- SOX
- ITIL
- ITAR
- GRC
- CIS
- GDPR
- NIST
Desired Work Experience:
- 5 to 10 years
Desired Qualification Level:
- Degree
About The Employer:
Our client urgently seeks an Information Security Analyst to join their growing and dynamic team located in the Southern Suburbs of Cape Town.