Senior Security Analyst

The Senior Security Analyst is the organization’s principal operational and strategic security expert. This role blends deep technical skills with the ability to shape and maintain security posture at an enterprise level. The position encompasses hands‑on monitoring, investigation, and remediation, alongside higher‑level governance, compliance, and risk management responsibilities. The Senior Security Analyst will guide security strategy, lead incident responses, oversee security governance processes, and ensure that security is embedded in every aspect of our technology delivery and business operations.

• Act as the primary security authority, advising leadership on emerging threats, vulnerabilities, and best practices.
• Lead the development, implementation, and continuous improvement of the organization’s security strategy and roadmap.
• Champion a security‑first culture, embedding security considerations into all business and technology decisions.

• Oversee and configure security systems, including firewalls, intrusion detection systems (IDS), and data loss prevention (DLP) tools.
• Conduct advanced analysis of security alerts and logs to detect sophisticated threats and patterns.
• Lead forensic investigations of security incidents and breaches, ensuring root cause identification and lessons learned.

• Stay ahead of the latest threat intelligence, attack vectors, and industry developments.
• Lead and coordinate regular vulnerability assessments and penetration tests.
• Implement an enterprise vulnerability management programme, ensuring timely remediation and reporting to senior stakeholders.

• Develop, maintain, and test comprehensive incident response plans.
• Act as incident commander during major security events, coordinating with internal teams, third parties, and regulators.
• Produce post‑incident reports with actionable recommendations for executive review.

• Own and maintain security policies, standards, and procedures, ensuring alignment with GDPR, ISO 27001, NIST, and other applicable frameworks.
• Lead risk assessments across the technology estate, recommending mitigations and tracking their implementation.
• Prepare for and support internal and external audits, acting as the primary point of contact for security compliance matters.

• Develop and deliver targeted security awareness programmes to employees and contractors.
• Mentor and support junior security and IT team members, fostering skill growth and succession readiness.

• 5+ years in a cybersecurity role, including at least 2 years in a senior or lead capacity.
• Relevant security certifications (e.g., CISSP, CISM, GIAC, Microsoft Security Certifications).
• Expert knowledge of the Microsoft Azure security stack (Sentinel, Defender, Conditional Access, Identity Protection).
• Proven track record in incident management, threat detection, and vulnerability management at an enterprise scale.
• Strong ability to produce security documentation, playbooks, and policies to a high professional standard.
• Deep understanding of security frameworks such as ISO 27001, GDPR, and NIST.

• Familiarity with ERP systems, particularly Microsoft Dynamics Business Central.

Please apply with a detailed CV: monique.joubert@isilumko.co.za