Cryptography Specialist at Absa

Our Converged Security Office prides itself in its unique structure that sees an integration and collaboration model between our Information Risk, Cyber, Resilience, Physical Security & Forensics teams to ensure effective risk management across all disciplines.

You will provide support and advice in relation to cryptographic services used within Absa. This includes the execution of key and certificate management process and controls. You will also be assisting with shaping the strategy for and delivering core Crypto information security technologies for use across the Bank.

Job Description

What you’ll get to do:

The role is within the CSO, with you reporting into the Head of Crypto and your responsibilities will include the following:
 

• Assist with the evaluation, design and delivery of major new Crypto security technologies across Absa
• Using technical experience and knowledge of the business and processes, produce innovative solutions designed to improve the Group’s information security posture, increase operational efficiencies and reduce operational costs
• Maintain the Crypto information security technology strategy, showing appreciation for the challenges presented by different business units and geographies making up the whole of Absa group, and work with other technology architects to ensure alignment to broader architecture strategies
• Assist virtual teams of security and technical specialists to integrate existing Crypto security technologies that have been independently deployed into different business units, ensuring the delivery of a single, high-quality, cost-effective solution
• Receive approved change request from business unit on ServiceNow e.g. if an infrastructure change is required or if infrastructure needs to be upgraded with new functionalities and arrange for appropriate custodians to be available to perform upgrade
• Maintain Crypto Hardware to effectively maintain all crypto infrastructure to ensure that they are on the latest patches and software
• Decommission Crypto Hardware Infrastructure by removing the logical keys, clearing the database and memory in the event of new hardware or to replace faulty infrastructure
• Ensure security and compliance controls are met when creating, replacing, decommissioning and destroying keys as per specified Absa, MasterCard and Visa requirements
• Implement and manage PKI by configuring hardware to ensure secure issuing of all certificates
• Obtain a thorough understanding of the business unit’s strategy and explain it to team members in such a way that they understand the contribution they have to make

What do you need to get in?

• B Degree Information Technology
• CISSP (Certified Information Security Specialist Professional)
• 2-5 years’ experience in Cryptography related infrastructure
• 3 years’ experience in supporting Hardware Security Infrastructure
• 3 years’ experience in Security technology and processes
• Excellent understanding of security strategies and technologies including secure network design, server hardening, secure web services, compliance auditing, secure software development lifecycles, security monitoring, and encryption
• Demonstrable strong knowledge of one or more Cryptography platforms or networking
• Deep understanding of the security mechanisms associated with one or more of windows or Unix operating systems, IP networks, web based applications and databases is essential
• Previous experience of working in an information security architecture, engineering or project delivery function
• Knowledgeable about existing best practices for integration of security controls
• Able to make technology recommendations supported by documented results of vendor product assessments and technical evaluations.
• Stays informed on security vendors, specific product histories, trends and directions. Is considered a subject matter expert on a broad range of information security concepts, technologies and products
• Able to work independently with limited management oversight, but with sufficient experience to know when to escalate issues or concerns
• Work with the business and project team(s) to ensure residual risks are adequately mitigated to the degree that meets the risk appetite of the business