Information Security Specialist at Mukuru

About the job

• An awesome opportunity is available to join our IT Team as an Information Security Specialist, based in Cape Town. The Information Security Specialist supports the Information Security Officer in implementing the Mukuru information security programme and to improve, maintain and assess security measures across the business. Reporting directly to the Information Security Officer, this role is to ensure security controls are implemented and managed across Mukuru’s production application stack and infrastructure to improve the overall security posture while maintaining the security integrity of the Mukuru brand.
• As Information Security Specialist, you will function as a technical advisor and analyst to interrogate tech across the company as well as implement security measures, drive compliance, improve security hygiene and resolve issues by responding to IT threats and vulnerabilities. You will maintain controls to protect unauthorized access, disclosure, modification, and deletion of Mukuru’s information, resources and networks. You have an eye for detail and are always looking to improve Mukuru’s overall security position. This includes conducting routine security risk analysis, balancing business needs against best practice, monitoring vulnerabilities and record and mitigate risk.
• This role suits a technically inclined individual who enjoys interacting with people and is self-driven with interest in automation and integration. This is a combination role of both engineering and analysis with a foot in architecture. Internal liaison takes place with technical teams across the business, including IT operations, Dev Ops, Product Owners and Development Teams as well as Compliance and HR. External liaison takes place with managed service providers, security vendors, regulators, and partners.

Duties and Responsibilities (include but is not limited to):

• Security Architecture
• Review current security controls and recommend and implement improvements
• Ensure security tooling is implemented, maintained, and uplifted
• Create and maintain technical security standards and procedures
• Testing and evaluation of security tools and services
• Build monitoring and alerting capabilities to proactively monitor for security breaches and threats
• Integrate security tools into the existing environment
• To conduct IT security audits across the business
• Conduct penetration testing, running scans, simulating attacks on the systems to find exploitable weaknesses
• Identify potential areas of risk that need to be addressed
• Develop and implement SOPs where required
• Maintain effective access controls across the business
• Security Monitoring and response
• Investigate security breaches, including root cause investigations
• Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
• To mitigate future IT security risk
• Maintain current knowledge of cyber security incidents and trends
• Keep up to date with the latest industry trends, tools, and standards
• Research new technologies and approaches in order to ensure best practice is applied
• Identify innovative approaches to ensure world-class security measures are in place
• To compile monthly reports on IT security management
• To manage own professional and self-development

Key Requirements:

• Grade 12 or equivalent (Essential)
• Tertiary qualification in Computer Science or related field (Essential)
• Recognised industry Certifications such as CISSP, ISSAP, CISM, ISO 27001, OSCP, CEH
• 5+ years’ experience in IT systems security (Essential)
• Experience in IT Operations, DevOps or DevSecOps (Desirable)
• Banking/Fintech background (Desirable)
• Knowledge of IT systems and network security
• Knowledge of Cloud Platform security
• Knowledge of Container and Software security
• Knowledge of vulnerability scanners, Anti-malware, EDR, etc
• Knowledge of Frameworks such as ISO27001, BSIMM, MITRE, CIS20, OWASP, etc
• Knowledge of Industry standards such as PCI, POPIA, EBA, etc

Additional Skills:

• Multitasking skills
• Computer skills
• Attention to detail
• Analytical skills
• Ability to work fully independently