Information Security Analyst at Capita

Job Description

We’re supporting our clients as they adapt to a new world in the wake of COVID-19. We’re now recruiting for roles which will help our clients to deliver vital services and to resume business wherever possible.

Info Security Analyst

Role Objective

• Implement & govern the ISO 27001 and PCI DSS certifications for the Organization
• Conducting security reviews in line with the Client requirements for various business units
• Conducting Info-sec training for all Businesses across locations
• Review and update policies, procedures and guidelines based on new technologies, processes and Business requirements in line with the security requirements of the organization
• Conduct Information Security and PCI DSS audits (Internal)
• Support external certification audits
• Perform VA, PT and other technical activities including cloud security reviews, etc.
• Keeping abreast with changes in security requirements with existing and emerging technology

Key Responsibilities

• Support with the risk assessment exercise across functions
• Conducting security reviews in line with the Client requirements for various business units
• Conducting Info-sec training for all Businesses across locations
• Review and update policies, procedures and guidelines based on new technologies, processes and Business requirements without compromising on the security of the organization
• Lead Information Security and PCI DSS audits (Internal and certification)
• Perform VA, PT and other technical activities including cloud security reviews, etc.
• Lead the Vulnerability Assessment assignments
• Incident management
• Support in due diligence for existing and new clients
• Keeping abreast of industry guidance and notifications on new vulnerabilities and issues raised by Industry experts, analysing with Capita South Africa IT set-up, communicating the same with IT for resolution.

Key Result Areas

• Enhanced engagements with business regarding effective maintenance of ISMS documents as per the assurance calendar
• Accuracy of risk assessments and reviews around Information Security
• Information Security Breach/Incident identification and resolution
• On-time and accurate reporting
• Timely escalations
• On time Query resolution
• Reporting, Tracking and Monitoring timely closure of observations from the technical assessments and audits by the respective departments
• Guidance from Industry experts are appropriately received and resolved by IT in a timely manner.

TCF and Conduct Risk Competence

TCF is about putting yourself in the place of the customer and considering whether you would regard yourself as having been treated fairly on the basis of a Firm’s actions.

The Consumer Outcomes Are

• Outcome 1: Consumers can be confident that they are dealing with firms where the fair treatment of customers is central to the corporate culture.
• Outcome 2: Products and services marketed and sold in the retail market are designed to meet the needs of identified consumer groups and are targeted accordingly.
• Outcome 3: Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale.
• Outcome 4: Where consumers receive advice, the advice is suitable and takes account of their circumstances.
• Outcome 5: Consumers are provided with products that perform as firms have led them to expect, and the associated service is both of an acceptable standard and as they have been led to expect.
• Outcome 6: Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint.

Minimum Requirements

• Matric
• ISO 27001 LA, PCI DSS trained, CEH (preferred)
• PCI DSS implementor/trained

Minimum Experience

• Minimum 2-3 years of experience in the Information security domain with leading Organizations

Key Competencies

Skills and Abilities: (what must I be able to do / display):

• Great technical ability
• Ability to adapt and work in a diverse culture with colleagues across the world
• Adaptability of approach – flexibility with a desire to achieve goals
• Excellent problem solving
• Strong numerical background
• Strong proactive approach to work, with a can-do attitude
• Ability to build relationships and networks at all levels
• Great communicator, with excellent interpersonal ability
• Excellent planning, organizational and analytical skills
• Good commercial awareness
• Excellent attention to detail
• Ability to demonstrate results to reflect quality and timely delivery
• Good understanding of call centre type statistics and systems
• Independence – required to work on own initiative and without supervision, expected to act independently
• Teamwork – required to integrate and work collaboratively within the planning team.

Management/Supervisory Responsibility

• This role does not have a supervisory responsibility