POSITION OVERVIEW:
The Digital Risk Analyst has strong technical skills in a wide range of ICT domains and reports to the Senior Manager: Digital Risk as a member of the GRC Team. This position will be required to perform second-line control and risk functions related to Information Security, Cyber Security and Digital Forensics in the areas of Information Security Governance; Human Resource Security; Physical and Environmental Security; Supplier Relationships; Information Security Incident Management; Operations Security and Communications Security.
RESPONSIBILIITES:
– Providing technical information, cyber and digital forensics support to other GRC units
including Internal Audit, Forensics, Legal and Compliance.
– Implementation and performing of second-line information, cyber and forensics related
controls.
– Fulfilling, logging, managing and escalating incidents, participating in problem and change
management processes related to information, cyber and digital forensics risk.
– Deployment and management of Digital Risk solutions and systems including applications
and infrastructure.
– Participate on projects to ensure that information, cyber and forensics risk is factored
into the evaluation, selection, design, deployment and maintenance of systems.
– Reporting on the status of controls, incidents, projects and compliance.
– Researching, assessing and recommending systems and configuration standards and
requirements for securing systems.
– Internal and external security related audits, digital forensic recovery and investigation threat modelling, penetration testing, security scanning and testing configuration baselines.
– Implementation and successfully completing second-line controls tests.
– Following approved processes in fulfilling and tracking of GRC requests, incidents, updates, resolution and reporting.
– Provide accurate and on time input to management reports on agreed metrics, evidence as required and advise or report on recommended actions.
– Ensure that Digital Risk infrastructure and systems are available, configured, capacitated and managed as required.
– Providing input and evidence as required and advise or report on recommend actions
aligned to OEM recommendations, industry standards and frameworks and internal policy.
– Reading, interpreting and applying technical data manuals and related documents.
– Keep abreast of emerging security technologies, software and methodologies.
– Researching and providing technical and budgetary information for proposed digital risk
solutions and providing input for RFQ’s and RFP’s.
– Share system and industry knowledge with staff, capacitate team members in order for them to operate in a relevant and effective manner.
– Effective time management, prioritizing requests, organize, schedule and co-ordinate tasks and projects.
QUALIFICATIONS & EXPERIENCE
– A NQF level 7 qualification, preferably Bachelor’s Degree in Information Systems or related.
– Certified in ISO/ IEC 27001
– CISSP/ CISA/CISO certified or similar
– Other relevant certifications, RESILIA/COBIT/ ITIL or similar
– Digital Forensics and Readiness, recovery and investigation. (Encase, Autopsy, Tableau)
EXPERIENCE:
– Minimum 7 years in experience in ICT or information security.
– Strong technical background in multiple ICT Domains (preferred – digital forensics, security and compliance, cyber security)
– Experience with Office 365 security, compliance and auditing.
– Experience with penetration testing tools and vulnerability scanners, Nessus, Arachni, FOCA, etc. (KALI, Maltego, Burp Suite, Arachni, OWASP)
– Experience with Infrastructure and application monitoring and management tools and
software.
– Security Information and Event Management solutions, vulnerability scanning and
penetration testing and enhancing web application and network security. (Nessus,
Checkmarx SAST).
– Experience with SIEM solutions (Alien Vault, etc.)
– Experience with security infrastructure, firewalls, Web Proxies, WAF, IPS, etc. (preferred –
Cisco ASA and FortiGate)
– Experience with networking technologies, LAN, WAN, DMZ, etc. (preferred – Cisco and HP)
– Experience with web application and security technologies (preferred – F5, Barracuda, URL policies and security, Cookie Security, SQLi, XSS, LFI, RFI, DDOS)
– Experience with server and infrastructure services, MS Windows Server, Exchange, Active
Directory, etc.
– Experience with server virtualization (preferred – VMWare)
– SPECIAL REQUIREMENTS:
– Driver’s license with own transport.
– Strong MS Office skills.
– Working after hours as required.