Senior Information Security Specialist at Council for Scientific and Industrial Research (CSIR)

Job description

Senior Information Security Specialist

About the job:

The incumbent will be responsible for coordinating, implementing and maintaining information security technologies, standards, procedures and processes required to ensure that the CSIR has adequate information security operations controls. In addition, the specialist will ensure that the controls are regularly measured and monitored for effectiveness. This position is based in Pretoria.

Key responsibilities:

• Drive and manage the implementation of the CSIR-wide information security programme;
• Provide information security expertise and support the management of various information security projects and technology implementations;
• Oversee information security operations within the CSIR, as well as assess and measure the effectiveness of information security technologies, security operations controls, and ensure appropriate reporting;
• Maintain  current  technical  and  operational  information  security skills  including  keeping abreast of evolving technologies and trends;
• Provide technical guidance on products and information security controls;
• Drive and support the process to review, select and deploy appropriate information security technologies;
• Implement, support and assist the CSIR with the understanding of and compliance with the information security policy, standards, processes and procedures;
• Support the maintenance and operations of the information security management system;
• Support information security risk and audit activities, and conduct information security risk assessment or review activities;
• Ensure compliance and alignment of all information security operations with the overall information security governance framework, recommend and drive improvements;
• Evaluate and/or test solutions/systems and ensure appropriate information security requirements and controls have been considered and incorporated into these, where necessary support the remediation of findings;
• Support the information security awareness and training programme and participate in related events and activities;
• Participate in the information security incident management process;
• Support and drive information security investigations.

Qualifications, skills and experience:

• A Bachelor’s degree in Information  technology/systems, computer science, computer/ electronic engineering or related field with at least eight years’ information technology experience, of which five years must be in information security;
• Must be in possesion of a security clearance certificate or  be prepared to undergo a clearance process, nothing should preclude the individual from obtaining security clearance;
• Expertise necessary to understand the CSIR’s technical and business environment in order to design appropriate information security technologies to protect it;
• An understanding of international information security standards and best practice such as the ISO 27000 series;
• Experience in writing information security policies, standards, processes, procedures and guidelines;
• Experience  in  incorporating  information  security controls  and  capabilities  into  various solutions and designs;
• Experience in assessing information security risks, threats and vulnerabilities and ensuring effective controls are in place to mitigate these;
• Demonstrated expertise in a broad range of information security domains, including broad exposure to and understanding of various information security technologies and their capabilities.