Information Security Officer L2 - Houghton at SBV Services (Pty) Ltd.

Description
Support Technology Strategy & Innovation

• Participate in the development and maintenance of a Cyber Security Road Map and SBV Technology Security Best Practices.
• Assist in improving the efficiency and maturity of the Cyber Security team by finding innovative, problem-solving solutions.
• Keep track of ongoing information security threats and the latest technologies, remediation/mitigation steps, and network, firewall, and VPN performance monitoring, and provide recommendations as necessary.
• Compile business cases outlining preferred toolsets and present them to the Information Security Officer for approval.

Execute Analysis & Design Activities

• Design, architect and implement security technology solutions in collaboration with key stakeholders.
• Gather client requirements and develop draft project plans for basic and intermediate complexity program design.
• Define the desired outcomes and success criteria as a baseline for post-project reviews and positive measurement.
• Provide project risk management consulting and technical reviews, draft mitigation plans, and complete assigned tasks.
• Develop draft cyber security procedures and or policies and submit to the Information Security Officer for review and approval.

Technical implementation in own area

• Conduct security and evidence and vulnerability assessments, and report on security control and preventative measures.
• Evaluate and implement data encryption, firewalls, and other appropriate security tools and applications for concealing and protecting transfers of confidential digital information.
• Determine the root cause of security breaches and provide findings and recommendations to the Information Security Officer.
• Maintain fit-for-purpose information security controls to meet the needs of system and program changes or upgrades.
• Analyse system logs to identify recent clues in the event of a breach or suspected data loss incident for investigative purposes; and provide findings in the form of a report to the Information Security officer.
• Conduct internal and external security reviews and assessments through interviews, toolkits, and aggregation of data to provide recommendations for closing any gaps in the process or system.
• Provide guidance and lead the response to identified security threats to meet or exceed defined service level agreements, escalating where necessary.
• Apply industry recognised and company approved control frameworks to identify and mitigate information security risks or incidents and prepare accurate documentation pertaining to the resolution process.
• Manage and monitor logical access reviews of systems to verify unauthorized access, modification, and destruction.
• Develop network and intrusion prevention systems for daily monitoring and remediation of security breaches, investigating any violations and reporting them to the Information Security Officer.
• Provide input to the development and implementation of information security risk control policies and frameworks.
• Drive and maintain compliance of information security systems against SBV’s standards and best practices.
• Review information and prepare reports pertaining to security breaches and system compliance across the technology landscape.
• Configure and monitor security alerts related to incidents and disasters in a proactive manner to minimise the likelihood of a breach on the environment.

Quality Management

• Drive vulnerability testing, risk analyses and security assessments and provide findings to the Information Security
• Officer.
• Comply with the core concepts and measures of risk management, including vulnerability management and threat intelligence.
• Coordinate and drive the development of collaborative cyber security programs throughout all operational activities. This includes event and incident investigation, process development and optimisation, playbooks, and exercise development.
• Put in place systems, processes, and controls to maintain that there are no material data breaches and no findings in audits.
• Monitor and drive adherence to the internal control framework across the Technology department.
• Maintain compliance with standards and best practices for information security configuration.

Risk Management

• Serve as the interface between vendors and business units during audits, assessments, or security reviews.
• Advise on regulatory, compliance (POPI, PAIA, etc) and/or legal requirements relating to securing data.
• Drive compliance and actions regarding Information Security, disaster recovery and business continuity planning.
• Manage the risk registry, audit findings report and implement identified corrective actions in time.
• Close out audit findings for the department, providing regular feedback.

Vendor Management

• Manage vendor deliverables to assure quality and consistent security controls against SLA as per mandate.
• Support with managing vendor resource deliverables to maintain quality and consistency of services.
• Audit vendor services and report on non-performance or execution deficiencies to the Information Security Officer.

Customer Management

• Support and guide system users regarding new security products and procedures.
• Implement cybersecurity training in conjunction with Organisational Development and escalate non-compliant staff.
• Deliver security awareness through facilitating the orientation, educational programs, and on-going communication.
• Develop, document, and distribute how-to guides and update the internal knowledge base.
• Facilitate orientations, educational programs, and ongoing communication to drive security awareness.

Effective teamwork and self-management

• Train, mentor and provide guidance to Level 1 Information Security Officers.
• Maintain good time management to handle several projects at once.
• Plan and prioritise competing demands, demonstrating the ability to manage them.
• Protect and maintain the confidentiality of critical business systems and data.
• Adhere to SBV's development standards and principles.
• Stay abreast of industry and technological changes and trends within own area of expertise.
• Live the organization culture within one’s centre
• Live the department’s values while inspiring confidence and generating excitement, enthusiasm and commitment towards the mission

Requirements
Minimum Requirements: Work Experience

• 5 years of experience in Information Security or Cybersecurity, which includes:
• 3 years of experience in information security management, risk management and control frameworks and processes.
• 2 years of experience in Cybersecurity technical assessments, standards, tools and processes
• Ethical Hacking experience (Advantageous)

Minimum Requirements: Education 

• Degree in Computer Science, Management Information Systems, or related field
• Understanding of ICT audit frameworks and methodologies
• Understanding of POPIA and PAIA requirements
• Microsoft Office Suite
• Firewalls and Malicious Code Defence including APT
• Endpoint and network security tools/techniques
• Knowledge of ICT project management principles (e.g., Agile)
• Understanding of Software Development Life Cycle (SDLC)