Main Purpose of the Job
The Information Security Specialist is responsible for implementing the security and risk management plans to increase cyber and IT security maturity within the organisation; to investigate risks to the security of information and/or data to the organisation and provide security for enterprise assets to alleviate risks to the organisation.
Operational Agility
- Make recommendations on how to improve the effectiveness, efficiency and delivery of services through the use of technology and best practice methodologies
- Provide specialist advice, guidance and support regarding security systems and technology platforms
- Work with other Specialists and teams as required to collaborate on solutions within their specialisation to ensure fit within the infrastructure strategic direction
- Ensure security requirements are met and service quality is maintained when introducing new services, also considering the cost effectiveness of proposed solution(s)
- Collaborate on the development of and/or review of standards, documentation and methods of working in the relevant area of expertise
- Manage 3rd Party Vendor SLAs by ensuring deliverables are provided as agreed. When needed, renew and amend contracts with vendors
- Ensure that installations, configurations and support are done as per SLA
- Manage risks linked to the Client’s network security and by performing backups as per business continuity plans
Customer Centricity
- Design security policies and procedures for the organisation and communicate as required
- Document policies, procedures and SOPs to ensure business continuity
- Develop a Risk and Security framework, analyse risks across functions and their potential impact on business processes; and ensure that risk management is fully embedded in organisational processes
- Monitor the implementation of security policies for preventative, detective and corrective measures
- Develop, update and maintain business continuity and disaster recovery plan
- Implement security measures, techniques and related management procedures (firewalls, security appliances, intrusion detection etc.).
- Conduct and provide accurate reporting on cyber security performance, patch and antivirus deployment, resolution success/failures and risk and mitigation actions
- Manage user access control by monitoring sensitive transaction data, providing correct access rights to users within the organisation and regulating external parties’ access
- Conduct periodic threat and vulnerability assessments and prepare quarterly and annual network security reports
Business Centricity
- Identify potential compliance vulnerabilities and risks and mitigate timeously with no harm to business operations
- Oversee and co-ordinate enterprise-wide annual compliance assessments/audits
- Collaborate with team to identify risks for emerging technologies and ensure alignment to relevant legislation or the changes thereof
- Develop, update and maintain business continuity and disaster recovery plans
- Confer with business to share business security objectives and concerns to achieve higher levels of business security
Capability Requirements
- Monitor and analyse technology risk trends and advise IT management on appropriate actions to strengthen internal operations and achieve strategic objectives
- Co-create and innovate with customers and partners to bring best in class solutions to the business
- Build and manage a knowledge repository for the trends on security platforms in the Telecoms industry
- Expand your IT capabilities by obtaining relevant certifications and higher levels within DBS beyond your assigned areas of expertise
Miscellaneous
- Perform any other work-related duties and responsibilities that may be assigned from time to time by management.
Knowledge, qualifications and experience
- B-Degree in Information Technology (honours would be advantageous)
- Certification:
  - IT security or Cyber-security certification – compulsory
  - ITIL (Intermediate level or above) – (intermediate preferred)
- Minimum 5 years’ working experience in an Information Security environment
- At least 3 years’ experience within an ICT environment
- Exposure to Enterprise architecture frameworks (TOGAF; Zachman; FEAF; MODAF)
Desired Skills:
- Information Security
- Cyber
- IT
- SLA
- Information Technology
- Security framework
- Risk
- Disaster Recovery
- Telecoms
- TOGAF
- Zachman
- FEAF
- MODAF
- Enterprise Architecture Framework
Desired Work Experience:
- 5 to 10 years
Desired Qualification Level:
- Honours