Information Security Engineer at Silica

Job description

The Information Security Engineer has responsibility for implementing, supporting, and managing information security platforms in support of maintaining a secure, POPI compliant environment for Silica Software Solutions (Pty). This includes assisting in the development, implementation and monitoring of information security procedures, standards and practices throughout Silica to ensure compliance with POPI and ISO/EC 207002 standards. The Information Security Engineer is also responsible for coordinating information security incident procedures and coordinating the response to prevent information loss under the direction of the Chief Information Officer and the Chief Executive Officer.

• Bachelor's degree in computer science or equivalent systems and technical background.
• Minimum 5 years’ experience in monitoring and managing information technology security systems with experience in implementing security risk assessments and socializing security technology and procedures.
• Knowledge of managed financial information systems operations and business processes within complex systems environments preferred.
• Possess Certified Information Privacy Professional (CIPP) certification and at least one of the following certifications: Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM).
• Certified Ethical Hacker (CEH) or Certified Cloud Security Professional (CCSP) is a plus.
• Demonstrable knowledge about industry best practices and guides such as ISO27002, Cobit, and ITIL.
• Experience in managing external vendors and Application Service Providers (ASP).

Key Performance Areas: (Specific Description of the job)

Information Security Strategy, Procedures and Controls

• Assists with the strategic planning and tactical execution of information security controls for Silica.
• Ability to assist in the creation strategic plans for the Information Security team and technologies that may be required to fulfil our mission.
• Helps maintain corporate-wide information security procedures and controls in compliance with POPI act, ISO/EC 27002 standards and other applicable standards and state security regulations.
• Provide assistance and advice as an information security subject matter expert for developing procedures in support of corporate-wide procedures.
• Collaborate with IS and other business units in defining information security controls; including standards for information systems architecture, operations, technology selection and integration, and information systems access and use.
• Develop and maintain operating procedures for the controlled access, retention and destruction of computer data.
• Participates as part of the IS change control process in accordance with guidelines from Internal Audit.

Information Security Operations

• Implements and manages Intrusion Detection/Prevention (IDS/IPS), Vulnerability Management systems, Firewalls, Anti-virus systems, patch management systems.
• Participate in design reviews and identify potential mitigation strategies for security risks.
• Works with other IS support teams to manage required changes and updates to IS Security related systems that are not under the direct control of the IS Security Team.
• Perform security reviews of new applications to identify security risks.
• Managing and performing vulnerability testing scans and vulnerability remediation.
• Assist in setting security standards within the security team, assist in security architectural designs and will recommend corrective action to ensure data security.
• Develop secure solutions based on approved security architecture.
• Analyse business impact and exposure based on emerging security threats.
• Work closely with architects, functional area specialists, and security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

Prior Work Experience / Background:

• A strong networking background in CheckPoint firewalls and Cisco technologies (switches, routers).
• Advanced knowledge of best practice standards and procedures regarding information systems network security, application security, security standards and frameworks.
• Ability to analyse, design and integrate security into information system networks, applications and procedures.
• Knowledge of business continuity and disaster recovery principles and practices.
• Strong analytic and forensic skills with ability to respond to incidents and propose solutions to security problems involving technology and business process.
• Strong communication skills, both written and oral, and ability to influence corporate direction.
• Knowledge of Microsoft SharePoint security.
• Experience in remote access methods including VPNs.
• Knowledge of database system security (Oracle, SyBase and SQL).
• Knowledge of Internet security and authentication methodology for web servers and proxies.
• Background in methods for securing mobile devices and cloud based security concepts.
• Experience with VMware virtual server and desktop security.
• Experience with Internet web filters (Bluecoat).
• Proficiency in Microsoft Office Products (Excel, Word, PowerPoint, and Visio) required.
• Proficiency with Linux or Unix systems.

Technical / Special Requirements (PC Skills / Product Knowledge / Specific Competencies)

• Information Security Risk Management and Incident Response
• Develop recommendations for addressing security control gaps to strengthen Silica’s security posture.
• Prepare and provide summary reports to the CIO, CEO, Risk and Compliance on information security assessment results and security initiatives.
• Assist in response to audit points identified by 3rd party auditors and facilitating the implementation of protective and mitigating controls.

Business Continuity

• Participate as a member of the Business Continuity Committee to provide assistance and support for corporate efforts related to business recovery, emergency preparedness and security.
• Develops and implements procedures to recover critical business services and their supporting departments and technologies.
• Information Security Awareness and Emergency Preparedness
• Assists with projects to test security and business recovery; including preparing project scope, plans, estimates of resource requirements, and project status reporting.
• Participate as a team member of the Incident Response program.
• Perform additional duties as delegated and/or assigned by Silica’s CIO, CEO or Risk and Compliance.

NON-ESSENTIAL JOB FUNCTIONS:

Perform additional duties and responsibilities as assigned by management.