Consultant Information System Security at SITA SOC (Ltd)

Purpose of the job

• To provide information security services including threat and risk management, solution architecture design, secure configuration, security operations management (e.g. quality, change, incident, problem management, capacity planning, etc.) incident response, vulnerability assessment and assurance management, governance, compliance, performance and service continuity management.

Key Responsibility Areas

• Design and implement security standards and procedures in systems and security policies and guidelines for all system security processes.
• Secures assets in the information system by defining and addressing possible and real security problems.
• Conduct, monitor and maintain threat and vulnerability assessments on a regular basis to minimize associated risk and improve the security capabilities within operational implementation, such as ICT infrastructure linked to SITA managed networks.
• Manage implementation of information security awareness and training programmes for employees and clients.
• Coordinate ongoing activities related to the development, implementation, and maintenance of information security controls and services aligned to the cyber security framework, policies, standards and procedures.

Qualifications and Experience

• Required Qualification: 3-year National Diploma / Degree in Computer Science or Information Technology or Network Management or a relevant discipline NQF level 6 qualification.
• Certification: Professional IT security management certification e.g. CISSP ITIL Foundation, CoBit Foundation or CISM, GIAC, CCNP, ISACA CRISC CCSP: Certified Cloud Security Professional Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM specific training and certification will be an advantage. Certified information system security professional (CISSP) or Certified Information Security Management (CISM), would be an added advantage.
• Experience: 6 - 7 years ICT Infrastructure or application development experience including IT Security working experience.

Technical Competencies Description

• Knowledge of: System Engineering methods and Governance. Working knowledge of Enterprise architecture framework (TOGAF; Zachman; FEAF; MODAF; GWEA Framework; MIOS) Proven experience in working with Governance Processes and Standards (ISO 9001; ISO 27001/ 27002; ISO 12207 (SDLC); ISO 42010; COBIT; ITIL; UML). Knowledge of 7/10 CISSP domains Service Oriented Architecture (SOA). Working knowledge of Information System Security Technical Standards (e.g.: PKI, IAM, Cryptography). Exposure to ICT security architecture in a specific CISSP domain. Planning, designing and validating skills related to architecting security solutions. Detailed knowledge of the SOPs of the area/discipline the jobholder is works in (HR, Finance, IT, etc as well as how to apply it. ICT Policy and Strategy Management.

Deadline:18th March,2026