IT Support

This is an on-premises position, candidate is required to be stationed at the office in Linbro Park, Sandton.

Candidate must have strong I.T. knowledge in networks, servers, cyber security, and general end user support.

I.T Policies and procedures:

Review the policies once a year and sign it off.

Add new policies as needed.

Must be familiar with POPIA requirements.

Must know ISA 315 audit requirements.

Disaster recovery and business continuity:

Test at least once a year.

Must know how to set up a DR environment (strong network & server knowledge).

Will be the liaison between the Company’s auditors and Alice, (auditing tool) this will require reporting all findings and keeping the overall score satisfactory.

Candidate must have knowledge of I.T. Operations, security, governance, frameworks, and a firm grasp of the below to provide to the auditor:

Access Management

Latest Final Signed-off Access Policy (not a draft version)

Risk Register pertaining to IAM

Full user list(s) for each in-scope system

Employee listing for all active and terminated employees

User requests for new users

Database logging settings and evidence of reporting and reviewing of direct access

Change Management and Systems Development

Latest Final Signed off Change Control Policy (not a draft version)

List of changes from change management software

List of change request with all applicable information

Evidence of CAB meetings and formal approval approaches

Evidence of Testing of Changes

Use of Program Library

Evidence of Automated version control

Evidence of migration software

Emergency change procedures

IT Operations

Latest Final Signed off IT Strategy (not a draft version)

List of key stored procedures on system and DB level used for daily operations

Documented backup policy and procedures

Operational server names per application

Printscreen of backup software

Reports showing last three months’ results of backups per application

Backup policies on backup software

Evidence of offsite backups and intervals

Testing of backups and restores

Evidence of backup media rotation and disposal policies

Environmental controls similar to server room above

Password Policy per in-scope system

Logs for high-risk events

Latest signed off recertifications performed

Database names for the applications as well as the direct login user profiles and permissions

Database logging settings and evidence of reporting and reviewing of direct access

Policies & Procedures

Change requests

Tracking changes

Testing changes

Separate environments

Version control

Change meetings & forum

I.T. Governance

Information security

Cybersecurity

Service management

I.T. Risk Management

Software development

I.T. Project management

Enterprise architecture

Penetration testing

Strategy

Full job spec will be provided on request

Desired Skills:

I.T. knowledge in networks

I.T. knowledge in servers

Disaster recovery and business continuity

I.T. Operations

security

governance

frameworks

Centre for Internet Security (CIS) v8

