Information Security Analyst - Kimberley at Sol Plaatje University

Minimum Requirements    

• Bachelor's degree in information security or a similar field
• Cybersecurity certification advantageous
• 2-3 years' experience in either an information security position or in cybersecurity
• Proven knowledge of information security standards, rules, and regulations including International Organization for Standards (ISO) 27001, 27002, National Institute of Standards and Technology (NIST), and others Cloud security platforms
•  In-depth knowledge of Cloud security platform(MS Intune /O365)
• Firewalls and malicious code defense including APT.
• Cybersecurity technical assignments, standards, tools, and processes. 
• Common attack vendors.
• Vulnerability assessment tools (Nessus,Nmap).
• Endpoint and network security tools or techniques.
• Willingness to work outside normal hours
• Driver’s license

Recommendations    

• Relevant certification such as CISSP, CISM, CEH or GIAC are an advantage

Duties & Responsibilities    

• Analyses and validates vulnerabilities then plan remediation activities 
• Schedules and performs regular vulnerability scanning activities in the corporate network 
• Reviews security vulnerabilities to identify risks to computing assets
• Provides technical vulnerability analysis and remediation options
• Reduces vulnerability by improving remediation and patch management process
• Ensures familiarity with Qualys and Nessus vulnerability scanner
• Reports and presents findings to a non-technical audience
• Assisting with the development and updating of cybersecurity-centric policies and procedures
• Assists with establishing network device implementation best practices, while providing guidance to others.
• Information Security and related risk assessments, as well as remediation plan development
• Identifying, raising and managing security risks through the appropriate risk life cycle
• Proactive risk management and engagement with business partners.
• Implement a systemic and structured information risk assessment process.
• Conduct business impact assessments periodically.
• Conduct threat and vulnerability evaluations at an ongoing basis.
• Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
• Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., procurement).
• Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.
• Lead discussions with internal stakeholders to ensure remediation efforts adhere to Company standards
• Assists with PCI and ISO compliance reviews, as needed.
• Conducts periodic user access reviews in conjunction with department heads
• Assist in updating existing Information Security Policies and Procedures.
• Reviews network security audit logs (e.g., firewall, IDS, etc.) periodically. 
• Evaluate compliance with established security controls.
• Supports information security projects and initiatives internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
• Ensure that processes and procedures are performed in compliance with the university’s information security policies and standards.
• Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, and third parties) information security controls.
• Ensure that information security is an integral part of the systems development processes and acquisition processes.
• Ensure that information security is maintained throughout the university’s processes and life cycle activities.
• Provide information security advice and guidance (e.g., risk analysis, control selection) in the university.
• Provide information security awareness, training and education (e.g., business process owners, users, information technology) to stakeholders.
• Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Ensure that noncompliance issues and other variances are resolved in a timely manner.
• Implement processes for preventing, detecting, identifying, analysing, and responding to information security incidents.
• Maintain lines of authority to escalate and communicate processes
• Maintain plans to respond to and document information security incidents.
• Maintain the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
• Maintain agreed process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
• Integrate information security incident response plans with the university’s disaster recovery and business continuity plan.
• Organize, train and equip teams to respond to information security incidents.
• Periodically test and refine information security incident response plans.
• Prioritise the response to information security incidents.
• Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.