Information Security Specialist

1 Position Details

Position

Business Unit

Quality and Risk Management

Managing any People

No

2 reports to

Chief Information Security Officer

3 Overall Purpose Of The Role

The KPMG Africa Information Security Specialist is to assist with ensuring the confidentiality, integrity, and availability of all systems across the KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond, and remediate information security risks and threats across the infrastructure.

4 Position Specifications

4.1 Educational (minimum level necessary to perform the job)

• Professional

4.2 Other requirements

4.3 Experience (minimum necessary before being considered for the job)

Desired Qualification And Experience

• 3 - 5 years’ experience in Information Technology Support or Information Security including Microsoft Azure
• Industry recognized qualification A+, N+, Security +, CySA+, including Cloud Security certifications such as Microsoft Certified: Security Operations Analyst Associate, Information Protection and Compliance Administrator Associate, Security, Compliance, and Identity Fundamentals, Identity & Access Management, Azure Security Engineer
• Professional certifications preferred but not required (CISM, CISSP, ECIH)
• Strong knowledge of information security and cloud security concepts
• Experience with identifying, analysing, and reporting on information security risks and incidents
• Experience in security incident response, threat analytics, security operations, vulnerability management, and security risk management
• Knowledge of security tools like Qualys, Microsoft Defender Endpoint, Microsoft Sentinel
• Experience evaluating vulnerabilities, developing mitigation strategies, and implementing remediation
• Knowledge of Microsoft Servers, Active Directory, and network infrastructure protocols and technologies

5 Core Competencies (Attributes)

• Attention to detail and accurate documentation
• Ability to analyze and interpret information
• Ability to work independently and as part of a team
• Organizational and prioritization skills under pressure

6 List of Key Performance Areas & Key Performance Indicators

Main Responsibilities

Incident Management

• Monitoring incident response channels
• Executing the Information Security Incident Management Process and escalating high-priority issues
• Tracking and escalating open incidents
• Producing weekly and quarterly reports for the CISO on incident status and trends

Security Systems Configuration and Management

• Daily monitoring and configuration of security systems
• Asset reconciliation for security coverage
• Reporting and issue resolution support

Monitoring of Patch Management

• Monitoring performance and identifying process risks
• Addressing challenges to compliance

Threat and Event Monitoring

• Detecting and escalating security threats and events

Vulnerability Management

• Monitoring vulnerabilities, asset reconciliation, initiating remediation, and supporting penetration testing

Support the implementation of NITSO Projects and other initiatives

• Supporting project execution and team initiatives