Governance Information Security Analyst at Sun International

Job description

Main Purpose of the Job

The position as IT Security Analyst is focused on enabling the business to grow through the mitigation of information security/vulnerability risks and fulfilment of related regulatory obligations. This role has a direct responsibility for providing leadership in:

• the protection of Sun International’s information and intellectual property regardless of the location of processing or data,
• ensuring all business processes have sufficiently effective information security to protect the integrity and confidentiality of the processing and the data, and
• Monitoring, assessing the security toolsets put in place to verify risk threats and remediation points thereof.
• Analysis and reporting on the results from evaluating the information security monitoring system, the implemented organisational and technical measures and the adherence to measures necessary for compliance with regulatory and contractual obligations.
• Working with relevant extended teams to embed a robust security management and monitoring system and to engage with business to develop awareness and rule sets to reduce risk.

Education

• 3 Year Degree at NQF Level 6 (IT Qualification an advantage)
• COBIT and/or ITIL /ISO 27000 Certification/knowledge
• Security certifications, such as CISM and CISSP
• Cyber threat incident triage (identification through to closure)
• SME – Information Security Management Knowledge
• Cyber threat reporting and dashboards
• Cyber Security Technologies such as SIEM, AVS, Web gateway

Experience

• Minimum of 4 years information security toolset/vulnerability management experience including:
• Ensuring that security investments and IT capabilities are future proof
• Conducting information security risk assessments
• Assisting in rule creation to execute security monitoring toolsets such as DLP, SIEM and NAC.
• Engage with business constantly to understand business processes, data classification, and infrastructure layout to be able to categorise risk threats.
• Proven track record of creating a vulnerability risk management system.
• Preparing information security risk treatment plans
• Ensuring the integrity and confidentiality of all business information and data processing by reporting on threats identified.
• Defining and maintaining criteria for classifying information and intellectual property
• Directing, monitoring and evaluating information security services in terms of recommending toolsets and managing the performance and value delivery of current solutions for the group.

Key Performance Areas

• Information monitoring Security Strategy
• Develop and implement the Information Security Strategy for the Group.
• Embed processes/initiatives and toolsets in accordance with achieving the strategy.
• Define and maintain all the security governance documents that are required to support the strategy/solutions.
• Document all the process documentation required for the role and create robust processes.
• Information Security Management Plan/policies/standards.
• Keep the information security toolset plan for IT functions agile and current to constantly be able to address risk.
• Create and develop policies and standards to be applied to ensure proper controls are in place
• Information Security Management System
• Embed and manage the ISO 27000 compliance standard and ensure proper processes and structures are put in place.
• Information Security Analysis and Monitoring and resolutions
• Define a process of understanding data flows, categorisations, locations and architecture of servers to fully be able to interpret the outputs of the reports and action accordingly.
• Manage third party interactions and manage alerts appropriately.
• Information Security Operational Assessment
• Be able to conduct risk self-assessments periodically on policy knowledge, applications, infrastructure, project life cycle, processes to ascertain security gaps.
• Manage a vulnerability management system in line with current risk management system.
• Risk and Compliance Management
• Communication with Business risk committee, Business stakeholders

Equity:

Preference will be given to employees from the designated groups in line with the provisions of the Employment Equity Act, No. 55 of 1998, SISA internal recruitment policy as well as units employment equity plans.