Junior Specialist: Information Security at Auditor-General of South Africa

Strategic Function

• Support the implementation of the business unit balance score card projects and initiatives.

Product management

Audits and risk management:

• Communicate risk and audit findings clearly and effectively to both technical and non-technical stakeholders.
• Drive the remediation of identified security issues and vulnerabilities by collaborating with relevant stakeholders and technical teams.
• Monitor the progress of remediation efforts to ensure timely and effective resolution of issues.
• Track and report on the status of remediation activities, ensuring that corrective actions are completed and validated.

Content Filtering:

• Administer and monitor a spam management solution in order to minimise the amount of spam received by the AGSA employees.
• Administer and monitor the filtering of harmful email attachments received from external sources at the gateway (firewall).
• Administer and monitor filtering of harmful and non-business-related email attachments received from internal and external sources at the relevant mail server.
• Administer and monitor filtering for all users browsing the Internet restricting access as per business requirements.

Security Administration:

• Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
• Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
• Ensures that security requirements, policies and procedures are adhered to.
• Investigates major breaches of security and recommends appropriate control improvements.
• Ensures overall security administration within the AGSA.

Firewall Administration and Anti-Virus Management:

• Monitor gateway firewall for malicious activity and restrict network access using the firewall policy as per business requirements.
• Administer and monitor the firewall to prevent virus attacks from an external source.
• Scan all emails from external and internal sources for viruses and malicious attachments at the Microsoft Exchange server.
• Administer and maintain an enterprise-wide desktop-based Anti-Virus client and ensure that all clients have the most recent updates.

Access Administration and User support:

• Administer and maintain access to central server network shares as per requests from business.
• Administer and maintain a remote access system (SSL VPN) for AGSA users.
• Provide second-line support to AGSA users with any Information Security related queries within the SLA time frame.
• Research security software and hardware as determined by the ICT security line manager/ senior management.
• Administer, maintain and update an access list of all server usernames and passwords stored in a secure location.
• Provide input on security related software and hardware to ICT Security line manager or senior management for budgeting purposes.

Encryption:

• Administer and provide data encryption to AGSA staff on secure audit projects as per business requirements.

Vulnerability Management

• Takes a comprehensive approach to seeking vulnerabilities across the full spectrum of organisation policies, and processes to improve organisational readiness, improve training for defensive practitioners, and inspect current performance levels.
• Takes responsibility for the management of all vulnerability testing activities within the organisation.
• Coordinates and manages planning of penetration tests, within a defined area of business activity.
• Delivers objective insights into the existence of vulnerabilities, and the effectiveness of mitigating controls - both those already in place and those planned for future implementation.
• Takes responsibility for the integrity of testing activities and coordinates the execution of those activities.
• Provides authoritative advice and guidance on the planning and execution of vulnerability tests.

Stakeholder Management

• Maintain effective relations with both internal and external stakeholders.
• Manage the feedback process to stakeholders by tracking all queries received, getting the relevant information and formulating appropriate responses according to the approved protocol.

People Management

• Manage own performance to drive productivity.
• Participate and/or take in the business unit transformation/culture plans.
• Provide support to the management team with regard to centre management and other people related tasks.

Financial and Operational Management

• Ensure compliance to AGSA policies and procedures.
• Ensure compliance with internal processes and procedures.
• Manage supply chain processes within scope of work.

Other responsibilities (Applicable to All JD’s)

• Perform and/or manage other projects, tasks and assignments not stipulated on the Job description as and when required.

Formal Education

• This position requires a minimum of a National Diploma in Information Technology or a related qualification (NQF Level 6) and a Security+ certification or any security-related certification.

Experience

Minimum of 3 years’ experience in Cyber/Information Security with exposure in at least five of the following:

• Application Security
• Anti-Virus Systems
• Access Management
• Audit and Risk Management
• Defensive/Offensive Security
• Email Content Filtering
• Firewall Systems
• Intrusion Detection Systems
• Patch Management
• Security Testing
• Web Content Filtering