The IT Security Specialist is responsible for translating the IT risk requirements and constraints of the business into practical technical control requirements and specifications, as well as developing metrics for ongoing performance measurement and reporting of the IT security discipline.
The IT Security Specialist is responsible for creating a strategy and implementing cybersecurity plans to increase cyber and IT security maturity within the organisation; for investigating risks to the security of the organisation's information and data; and for providing security for enterprise assets to alleviate risks to the organisation.
Responsible for operational information technology security and maintenance support to ensure that the organization's server infrastructure (e.g. Linux, Microsoft) is not compromised in any way.
The role furthermore ensures that IT security measures are incorporated into all IT solutions and designs, and that real-world risks are balanced against the business drivers of speed, agility, flexibility and performance.
Performs day-to-day operations, management and administration to protect the integrity, confidentiality and availability of the organization's information assets and technology infrastructure. Manages cyber security audits and third-party penetration tests.
Key Customers
Internal:
· The GCISO and IT and digital leadership team
· End-users across all business units
· Organisational customers / external users
External:
· External customers at all levels
· External system suppliers and partners
· External technical support staff
KEY PERFORMANCE OUTPUT AREAS
Key Performance Areas
Core Activities & Accountabilities
Managing IT Risk and Security
- Oversees the monitoring and reporting of compliance with IT security policies and controls, as well as the enforcement of those policies within the IT department and across the organization
- Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance
- Designs security policies and procedures for the organization
- Develops a Risk and Security framework, analyses risks across functions and their potential impact on business processes, and ensures that risk management is fully embedded in organisational processes
- Manages the process of gathering, analysing and assessing the current and future threat landscape, and provides the Group CISO with a realistic overview of risks and threats in the organisation's environment
- Manages the day-to-day activities of threat and vulnerability management, identifying risk tolerances, recommending treatment plans and communicating information about residual risk and risk acceptances
- Provides specialist advice, guidance and support regarding security systems and technology platforms
- Oversees IT security projects (internal to the team) and provides expert guidance on IT security matters for other IT projects
- Designs, co-ordinates and oversees IT security testing procedures in conjunction with the Quality Assurance discipline to verify the security of systems, networks and applications, and manages the remediation of identified risks
IT Governance and Compliance Frameworks
- Assists in understanding and responding to IT audit failures reported by auditors and other assurance providers
- Consults across all IT disciplines to ensure that IT security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
- Implements security measures, techniques and related management procedures (firewalls, security appliances, intrusion detection, etc.)
- Recommends and co-ordinates the implementation of technical controls and IT security solutions to support and enforce the defined IT security policies
- Ensures that audit trails, system logs and other monitoring data sources are adequately and securely captured in compliance with policy and audit requirements, and are reviewed periodically
- Conducts and provides accurate reporting on cyber security performance, patch and antivirus deployment, resolution successes and failures, and risk and mitigation actions
- Documents policies and standard operating procedures (SOPs) to ensure compliance
Operational Improvements
- Performs day-to-day operations, management and administration to protect the integrity, confidentiality and availability of the organization's information assets and technology infrastructure
- Provides and guides content for IT security communication, awareness and training for audiences at all levels
- Researches, evaluates, designs, tests, recommends or plans the implementation of new or updated IT security hardware or software, analysing its impact on the existing environment and providing technical and managerial expertise for the administration of IT security tools
- Manages user access control by monitoring sensitive transaction data, granting correct access rights to users within the organisation and regulating external parties' access
- Conducts periodic threat and vulnerability assessments and prepares quarterly and annual network security reports
Business Continuity
- Facilitates and manages the response to IT security incidents, actively participating in investigations where necessary
- Manages outsourced vendors that provide IT security-related services and functions, ensuring compliance with contracted service level agreements; renews and amends vendor contracts when needed
- Directs and guides the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans
- Manages risks linked to business network security, including performing backups as per business continuity plans
PROFILE REQUIREMENTS
Minimum Qualification Required
Bachelor's or Graduate's Degree in business, computer science, engineering or Information Systems, or equivalent experience
Minimum Experience Requirements
Process/Place/Area                                                                       | Involvement | Period   | Importance
Practical experience in an IT security role                                              | Operational | 8+ Years | Required
IT security-related certifications, e.g. CISSP, CISM, CEH, OSCP                          | Operational | 5+ Years | Required
Experience in developing and maintaining policies, procedures, standards and guidelines  | Operational | 5+ Years | Required
Proficiency in performing risk, business impact, control and vulnerability assessment    | Operational | 5+ Years | Required