Senior Security Information Specialist at Nexio

ROLE PURPOSE

The incumbent will be responsible for coordinating, implementing and maintaining information security technologies, standards, procedures and processes required to ensure that the Nexio and the client has adequate information security operations controls. In addition, the specialist will ensure that the controls are regularly measured and monitored for effectiveness.

In addition to the above the candidate must demonstrate experience and expertise responsible for Customer Service Level Management:

• Contracts
• Solutions architecture
• Customer service reporting/engagement
• Service Governance
• Maintain current technical and operational information security skills including keeping abreast of evolving technologies and trends.
• Provide technical guidance on products and information security controls.
• Drive and support the process to review, select and deploy appropriate information security technologies;
• Implement, support and assist the CSIR with the understanding of and compliance with the information security policy, standards, processes and procedures;
• Support the maintenance and operations of the information security management system;
• Support information security risk and audit activities, and conduct information security risk assessment or review activities
• Ensure compliance and alignment of all information security operations with the overall information security governance framework, recommend and drive improvements;
• Evaluate and/or test solutions/systems and ensure appropriate information security requirements and controls have been considered and incorporated into these, where necessary support the remediation of findings;
• Support the information security awareness and training programme and participate in related events and activities;
• Participate in the information security incident management process;
• Support and drive information security investigation

ROLE REQUIREMENTS

• Use defence measures and information collected from a variety of sources to identify, analyse, and report events that occur or might occur within the network to protect information, information systems, and networks from threats
• Conduct event analysis on captured user, computer, communication, and network security events using a suite of security tools and system security features to determine security vulnerabilities, policy violations, malicious behaviour, and/or conduct security incident analysis
• Monitor and evaluate a system’s compliance with Information Technology security requirements in accordance with SOX security controls
• Provide full characterization of information system security environments, including system connectivity, in terms of administrative, technical and organizational factors concerning continuous monitoring techniques and methods, and develop risk management alternatives for securing environmental requirements and problems
• Develop information system risk-management alternatives and changes by applying expert judgment and ingenuity in interpreting information and providing recommendations or making decisions which impact insider threat/continuous monitoring policies and programs
• Advise management of assessed problems relating to ongoing insider threats to organisational information security activities
• Provide comprehensive technical reports based on analytical findings
• Assist in the management of enterprise computer network defence systems
• Advise management of assessed problems relating to organizational information security activities, to include insider threats and computer security incident response procedures
• Participate in interagency working groups and committees
• The role requires the individual to demonstrate technical centre of excellence and subject matter expertise in agreed security subject areas in customer scoping sessions, and in customer projects.
• The role requires the individual to operationally deliver on SLA-based managed security services in security operations environments
• The role requires the individual to identify security opportunities in current customers or prospective customers by knowing and promoting the approved Cybersecurity Offerings.

Additional information: 

• Individuals at this level have fully developed knowledge of the business, marketplace and clients. Is recognized as an expert in own area within the organization
• Interprets internal or external business issues and recommends best practices. Provides technical guidance to more junior levels of staff
• Able to build strong interpersonal relationships with peers, brand leaders, and other senior management throughout the company
• Able to be a “big picture” thinker
• Excellent leadership, team building, and management skills
• Encouraging to team and staff; able to mentor and lead
• Excellent verbal and written communication skills
• Able to align multiple strategies and ideas
• Confident in producing and presenting work
• In-depth understanding of the industry

JOB SPECIFIC REQUIREMENTS

• The role requires the individual to adopt these values and behaviours in the interest of building a capable and competitive Cybersecurity Division:
• Responsive to reasonable customer, supplier, peer, and line management requests
• Attention to detail given that your inputs and deliverables are subject to quality reviews before being submitted to customers
• Proactive, innovative and reliable
• Put the customer first
• Do things right first time
• Positively contribute to this high-performance team
• Go the extra mile in the best interest of the company
• Develop positive and productive relationships with peers and customers
• Demonstrate emotional intelligence, and act with integrity
• Has demonstrated the ability to work well with others, high performance team work ethic
• Excellent communicator and collaborator
• Willingness to learn range of security technologies and platforms
• Positive attitude
• Delivering results and meeting customer expectations
• Following business-relevant instructions and procedures
• Learning and researching in various areas in cybersecurit

QUALIFICATION & EXPERIENCE

• A Bachelor’s degree in Information technology/systems, computer science, computer/ electronic engineering or related field with at least eight years’ information technology experience, of which five years must be in information security;
• Must be in possession of a security clearance certificate or be prepared to undergo a clearance process, nothing should preclude the individual from obtaining security clearance;
• One or more these industry Cybersecurity Certifications: CISM, CISA, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTiA

 Additional requirements:

• Working hours Mon. – Fri. 08h00 – 17h00 (note: offsite working is discouraged unless permission is granted by the line manager for exceptional reasons)
• Must be prepared to work overtime or be allocated to standby
• Driver’s license and own transport required

COMPETENCY REQUIREMENTS

• Excellent oral and written communications skills
• Strong analytical and organizational skills.
• Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
• Experience with securing various environments preferred.
• Experience in working across security frameworks.
• Experience in working across security technologies.
• Possess very good knowledge of technological advances within the information security area
• Demonstrate in depth solution and service knowledge
• Demonstrate analytical thinking and a proactive approach
• Consistent customer satisfaction focus