The South African Weather Service (SAWS) is a Section 3(a) public entity under the Ministry of Environmental Affairs and is governed by a Board. The organisation became a public entity on 15 July 2001 in terms of the South African Weather Service Act (No. 8 of 2001), as amended in 2013. It is an authoritative voice for weather and climate forecasting in Sout...
Maintain the Information Security Framework and underlying policies, procedures, standards and guidelines.
Lead the development, maintenance and updating of the Information Security Strategy and Information Security Program
Conduct and complete annual reviews and audits as required, engaging both internal and external resources
Conduct functional and gap analysis to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
Define and implement key processes and functions required to enable the Information Security Program within the SAWS.
Implement, maintain, monitor, and ensure effective operation of the Information Security Program within the SAWS.
Ensure appropriate administrative, physical, and technical safeguards are in place to protect SAWS information assets from internal and external threats
Design and implement IT security systems to protect the organization's computer networks from cyber attacks
Monitor computer networks for security issues, install security software and document all security breaches and assess the damage they cause.
Fix detected vulnerabilities to maintain a high-security standard.
Identify, introduce, and implement appropriate procedures, including checks and balances, to test these safeguards on a regular basis
Act as the committed owner of the security incident and vulnerability management processes from design to implementation and beyond
Manage and assist in performing on-going security monitoring of information systems, including assessing information security risk through qualitative risk analysis on a regular basis
Evaluate and recommend new information security technologies and counter-measures against threats to information privacy, and develop security reports and dashboards.
Assess and mitigate third-party vendor and information security compliance risks from current and changing business practices, systems, policies, regulations, and laws to ensure secure information handling and exchange processes.
Plan and deliver solutions for integration between Cloud and on-premises security solutions (Solutions Architecture experience).
Ensure that the disaster recovery and emergency operating procedures are in place and tested on a regular basis
Develop, promote and monitor the security and governance awareness program.
Ensure effective staff training programs are in place to increase security awareness across SAWS.
Identify and report risks related to the working environment
Liaise with internal audit to remediate new and outstanding audit issues
Liaise with external auditors
Responsible for procedures and controls to assure compliance with applicable internal and external regulatory and legal requirements.
Enforce ICT policies, procedures, standards and change control compliance
Laws and regulations related to Information Security, Cyber Security, Data Protection, and/or Privacy especially where relevant to the Cloud
Conduct ICT Security Audit and Risks
Requirements:
Degree in Information Technology or equivalent
Minimum of 7 years’ working experience in ICT Governance, Information Security, and related fields
ICT Governance, Information Security, Compliance & Audit Experience.
At least two of CRISC or CISSP or CEH or similar technical security certification
Knowledge of SIEM, Identity Governance, Antivirus, Cyber Security threat intelligence and defense evasion techniques.
ICT Security Audit and Risks experience (added advantage).
Understanding of the general business functions and their interrelationship and contribution to services and the application.
Knowledge and understanding of principles, applications and techniques of electronic data acquisition systems, computer systems, operations, computer hardware and software systems planning, and technical support.