Information Security Specialist at BCX

Information Security Risk Management:

• Report on Enterprise Information Risk
• Research Identify and Assess Information threats to business (New and existing)
• Project and Change Consultation and Assessment of Risk
• Information Risk assessment, rating, management, and resolution
• Represent Information Security in Governance and Business processes
• Monitor Assess and Report on Operational Security Assurance process

Information Security Governance:

• Create/Maintain/Communicate Information Security Policies and Standards
• Ensure Regulatory and Security Policy Compliance and Business Risk alignment
• Manage Policy review, update and approvals process
• Support Security Governance Forum and ISMS Processes
• Maintain Information Security Strategy ensuring Business Strategy Alignment
• Ensure Information Security Awareness of Policy and Business Risks
• Information Security Architecture:
• Ensure Enterprise Security Architecture aligns with business requirements and risks
• Advise and recommend Technical Security direction in support of Enterprise Security Architecture
• Define, Assess and Communicate Information Security elements within Business and IT Architecture
• Information Security input to Business cases and projects
• Ensure Information Security Architecture requirements are met within all systems and processes

PCI:

• Ensure compliance to processes and procedures with PCI DSS 3.2
• Act as liaison between the PCI QSA and all technical teams
• Ensure Technical support teams collect evidence and perform tasks as per PCI DSS requirements
• Ensure adequate audit trails exist for the detection, investigation and correction of information security breaches, violations and other incidents

 EDUCATION:

• Matric and relevant tertiary qualification
• Preferred: CISM, CISSP, CISA, SABSA, PCI Qualified Security Assessor
• Optional: ISO 27001 Certified ISMS Lead Implementer, CRISC CoBIT, TOGAF, ITIL,

EXPERIENCE:

• Five years or more practical experience in IT or Information Security, which must include an IT, Network or Information Security role, with the last three years in an active Information Security or Information Risk management role.