Senior Specialist Cyber Security Baseline at Vodacom

The Purpose Of This Role

The purpose of the role is to manage and lead the Technology Security Cyber Security Baseline Assurance needs across Vodacom Group. To further provide security assurance, guidance and support to high profile projects according to company defined policies and requirements, best practice and local/international standards (PCI, SOX, ISO27001, GDPR, POPIA and Cyber Crime Bill of 2015) relevant to the technology security area. This role requires the individual to have credible experience in Information Security and Cyber Security Governance, Risk and Assurance based on proven frameworks such as COBIT 5, ISO27001/2, and the NIST Cybersecurity Framework. As a key member of the Vodacom Group Technology Security team, the candidate should be comfortable with driving information security assurance ideas and communicating clearly with technical as well as non-technical audiences.

Closing date: 06 July 2020

Your Responsibilities Will Include

• Provide supervisory technology security assurance, guidance and support to the Vodacom Group
• Assure that security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom Group
• Defining, implementing and efficiently maintaining technology security controls and requirements
• Ensure timely delivery of technology security assurance and support for projects
• Ensure compliance with Legal and Regulatory requirements
• Provide SME input to Technology Security Policy requirements and procedures
• Support Technology Security awareness programs and educational efforts
• Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options
• Fulfil key customers’ obligations and stakeholders’ expectation
• Participate in creation and execution of technology security strategy
• The role requires the individual to monitor information security governance, risk, and compliance by Vodacom Corporate IT, Mobile and Enterprise Business domains
• Engage with the stakeholders on control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement;
• Interpret and manage the controls and capabilities required for Vodacom to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s);
• Develop, manage and implement the Vodacom information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill)
• Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;
• Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;
• Participate in IT general controls and compliance testing activities and/or audits;
• Report information security risks in an appropriate way for different audiences;
• Collaborate with various key stakeholders, and provide information security advice to stakeholders

The Successful Candidate Will Have

• Bachelor’s Degree or National Diploma in Computer Science, Information Systems or other related field
• A minimum of 5 years relevant work experience of which at least three years is in designing, developing, deploying and/or administering infrastructure solutions
• Experience of current and emerging virtualization, infrastructure, and cloud and containers technologies and architectures, such as Windows, Linux, AWS, Azure, Openstack, Docker etc.
• Experience of configuration management and automation tools such as Puppet, Chef, Ansible, Salt etc.
• Experience working with programming and scripting languages, such as Ruby and Python
• Experience working closely with agile methodologies, such as Scrum, XP, and with teams leveraging DevOps and Continuous Delivery / Integration
• Strong understanding of IT management best practice frameworks, such as ITIL and COBIT
• Professional experience and knowledge of the Telecommunications industry preferred

The base location for this role is, Corporate Park, Midrand