Overall Job Purpose  :  Responsible for the implementation of the cyber protection  mechanisms, testing, identity and access management, configuration management, cybersecurity (CS) education programme, CS Incident management, vulnerability and compliance with the relevant act, regulations and standards. Cybersecurity and ICT risk specialist will also act as an interface to various stakeholders for subjects related to cybersecurity.

• Perform the cybersecurity testing and verifications of cyber governance, risk and compliance, cybersecurity/preventative management.
  
• Responsible for multi-faceted cybersecurity risk program (e.g. monitor cybersecurity threats and report on cybersecurity activities and compliance across all Company’s sites and keeping management informed about the trends and proposal for controls) to ensure that the Company’s technologies and information assets are protected in line with the Company’s policy universe and appropriate.
  
• Proactively identify and make analysis of cybersecurity risks across the Company’s sites and work with the Company’s community including ICT, protection services and enterprise risk managers to oversee the implementation controls of appropriate controls measures to mitigate the cybersecurity risks.
  
• Drive cybersecurity risks awareness program.
  
• Perform other tasks necessary for continuous improvement of the Company’s cybersecurity posture as and when required.
  
• Prepare the cybersecurity reports as and when required.
  
• To build in- house cybersecurity centre of specialisation pipeline which entails training and mentoring the ICT interns.
  
• Assist in keeping ICT asset register and configuration management database up to date.
  
• Performing the operational establishment and preventive maintenance of backups, recovery procedures, and enforcing security and integrity controls                                                                                                                                                          
  
• Accepting responsibility for the processes, procedures and operational management associated with cyber security and disaster recovery planning
  
• Liaising with cybersecurity, service providers and other state entities for analysing, recommending, installing and maintaining cybersecurity posture; and monitoring service level obligations
  
• Participate in the development, implementation, and maintenance of the Company’s cybersecurity policy and procedures in compliance with government regulations and standards.
  
• Identify, develop and maintain cyber security register and work with the Company’s community to implement the controls to reduce the cybersecurity risks and incident resolutions
  
• Participate in the Company’s cybersecurity collaborations with other state entities
  
• Troubleshooting and providing service support in diagnosing, resolving cybersecurity incidents.
  
• Preparation and maintenance of procedures, forms, recording of information and system logs
  
• Continually survey the cyberspace to determine future cybersecurity needs and making recommendations for enhancements and implementation.
  

Requirements

• Grade 12.
  
• A minimum qualification of a Bachelor’s degree (NQF level 7) in Computer Science /       Information and Communication Technology (ICT).
  
• Certifications such as CCISO or Certified Information Systems Auditor (CISA) or Certified Chief Information Security Officer (CCISO) or Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or any other security related certification.
  
• Post graduate qualification in Computer Science / Information and Communication Technology (ICT) will be an advantage. 
  

KNOWLEDGE AND EXPERIENCE 

• Minimum of at least 5 years of ICT security risks or Cybersecurity experience (i.e. planning, designing and execution) (minimum of 3 years cybersecurity program execution is a must). 
  
• Minimum of at least 2 year’s experience with firewalls and hold the relevant vendor certification (i.e. FortiGate Next Generation) (this is a must have).
  
• Minimum of at least 2 year’s experience in Security Incident and Event Management
  
• (SIEM)
  
• A proven track record in successful execution of cybersecurity program and experience in development of cyber security policy and procedures universe.
  

▪  Experience in Information Technology Infrastructure Library and Control Objectives for Information and Related Technologies (COBIT).