Information Technology Security Specialist at Sun International

Job Purpose

The IT Security Specialist will be responsible for protecting Sun International’s technology assets and information, data and intellectual property regardless of the location by developing and updating security plans, frameworks, policies and tools, and continuously managing, monitoring and evaluating system controls and access management with the aim of mitigating risk, in line with business and regulatory requirements.

This is done through security assessments; security authorisation, security planning, security policy development, security training, vulnerability assessments, security controls testing and risk assessments. The role is also required to implement controls, conduct security awareness training, research new security tools and best practices and direct IT teams on how best to protect corporate assets.

Education

• Bachelor’s degree in Information systems or equivalent
• Information Security Certification such as CISSP, CISM, CEH, CCSP

Experience

• Minimum of 6 years’ experience in an IT security environment, including cloud security.
• Extensive experience in cyber security technologies (SIEM, DLP, HIPS, AVs), preferable Microsoft EMS, McAfee, Darktrace, Mimecast.
• Experience in cyber threat monitoring and response, threat remediation and threat intelligence

Skills and Knowledge

• Technical background with a variety of computer hardware, software, communication systems including system integration, network architectures and physical logical communication systems / devices
• Ability to conduct security testing with various tools, like Nessus, F-Secure
• Experience in creating and reviewing IT security policies for compliance
• Knowledge of security best practices such as; defence in-depth, least privileges, need-to-know, separation of duties, access controls, encryption etc.
• Strong team player
• Quick thinker and problem solver
• Decisive with decision making
• Clear communicator
• Resilient and stress tolerant

Key Performance Areas

Operational

• Manage the day to day operational security environment in close collaboration with all IT Managers;
• Conduct security scans and vulnerability management (internal and external environment) and manage closure of vulnerabilities;
• Design appropriate security controls library for IT infrastructure, applications and systems;
• Review systems and applications for security risks and ensure they are mitigated by IT / Business owners;
• Establish, oversee and enforce relevant access controls to ensure that only the right people have access to required information;
• Manage the end to end lifecycle of any potential or actual security incident;
• Identify, investigate and report on suspected security breaches and manage resolution with key stakeholders;
• Review an analyse logs from our internal Security Operations Centre;
• Assess Sun International’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack;
• Perform ongoing health-checks and test the effectiveness of the IT security environment;
• Perform gap analyses to examine existing processes and technologies and discover loopholes leading to poor information security quality and improvement opportunities;
• Oversee security testing of new or enhanced products to ensure information security requirements are met;
• Stay current with incident response, digital forensics methodology, the associated legal requirements and threats applicable to the South Africa;
• Identify, implement and monitor security controls required for new digital products, including blockchain technology, mobile IT, Devops.

Governance

• Assist with reviews performed by Internal and External Auditors;
• Report, escalate and address non-compliance to defined incident response processes and procedures;
• Review IT security standards and policies for relevance and effectiveness as the security landscape changes;
• Develop and implement key processes and procedures to incorporate security throughout the SDLC process;
• Develop, manage and report on audits conducted relative to standards and policies for maximized information management, including the communication and implementation of remedial actions.

Strategic Input

•  Research, evaluate, recommend, implement, support and maintain Sun International’s information and cyber security tools and technologies;
• Analyse deficiencies / gaps in the current IT security posture, motivate for investments and lead security projects to rectify these;
• Research and drive new security control initiatives and improvement of existing technologies and processes;
• Research new or emerging technologies and processes that may be incorporated as solutions to recurring security concerns;
• Research emerging security threats and assess business impact and exposure.

Equity

Preference will be given to employees from the designated groups in line with the provisions of the Employment Equity Act, No. 55 of 1998, SISA internal recruitment policy as well as units employment equity plans.