Specialist: IT Security

Tower Group South Africa (Pty) Ltd

Johannesburg

On-site

ZAR 300,000 - 600,000

Full time

30+ days ago

Job summary

An established industry player is seeking a dedicated Information Security professional to oversee the management of security risks and compliance across the organization. This role involves developing and implementing a comprehensive Information Security management framework, ensuring adherence to national legislation and international standards. You will provide expert consultancy on risk management practices, oversee security governance, and maintain the alignment of security architecture with business objectives. If you are passionate about safeguarding information and driving security awareness, this position offers an exciting opportunity to make a significant impact in a dynamic environment.

Qualifications

  • 3+ years of IT Security experience required.
  • Knowledge of Risk Management and IT Security best practices.

Responsibilities

  • Develop and implement Information Security management framework.
  • Ensure compliance with security policies and national legislation.
  • Provide expert advice on risk management practices.

Skills

IT Security
Risk Management
Information Security Management
Compliance (PCI DSS)
Vulnerability Management
Incident Management
Security Architecture

Education

Relevant 3-year Computer Science Degree
Relevant IT Certification
Grade 12 with IT Certification

Job description

Responsible for the identification, measurement, control and minimisation of loss associated with uncertain information and cyber security risks throughout the ICT and business environment. Responsible for the development, documentation, implementation and monitoring of an Information Security management framework, including policies, standards, procedures, and security architecture, to ensure delivery and awareness of sound Information Security Management practices company-wide, including compliance with national legislation and international standards. Researches and stays abreast of worldwide best practice and regulations.

Provides expert advice and consultancy with respect to risk management practices and concerns within IT and business architectures, applications, changes, solutions and operational processes.

Information Security Governance
  • Create / Maintain / Communicate Information Security Policies and Standards.
  • Ensure Regulatory and Security Policy Compliance and Business Risk alignment.
  • Manage policy reviews, updates and approval process.
  • Support Security Governance Forum and ISMS Processes.
  • Maintain Information Security Strategy and ensure business strategy alignment.

Information Security Assurance & Compliance
  • Ensure Information Security related Operational and Service Level Agreements are established.
  • Ensure Security Operations Assurance and Delivery.
  • Ensure Security Operations compliance with policies, standards, and procedures including PCI DSS.
  • Ensure provision and compliance of Security Operations Management and Security Operations Centre.
  • Responsible for ensuring effective Vulnerability Management, Patch Management and Information Security Incident Management.
  • Report on enterprise Information Risk.
  • Research, Identify and Assess Information threats to business.
  • Project and Change Consultation and Assessment of Risk.
  • Information Risk assessment, rating, management, and resolution.
  • Represent Information Security in Governance and Business processes.
  • Monitor, Assess and Report on Operational Security Assurance process.

Information Security Architecture
  • Ensure Enterprise Security Architecture aligns with business requirements and risks.
  • Advise and recommend technical Security direction in support of Enterprise Security Architecture.
  • Define, Assess and Communicate Information Security elements within Business and IT Architecture.
  • Information Security input to Business Cases and Projects.
  • Ensure Information Security Architecture requirements are met within all systems and processes.

Information Security Awareness
  • Ensure Information Security Awareness of Policy and Business Risks.
  • Contribute to developing and implementing Information Security Awareness Programs and measuring the effectiveness thereof.

Understanding of IT Security discipline processes, concepts and best practices; solid technical aptitude and knowledge; understanding of what is happening in the ICT industry in general. Knowledge of Risk Management, IT technologies, IT Security and PCI DSS compliance.

Minimum Requirements
  • Minimum 3 years of IT Security experience.
  • Relevant certification will be beneficial.
  • Relevant 3-year Computer Science, Information Management, Engineering or Business Degree / Diploma (NQF level 6).
  • Alternatively, Grade 12 (NQF 4) with relevant IT Certification and / or equivalent years of experience.
  • Driver's license.