Snr Specialist - Information Security Architecture and Analytics at Telkom

Core Description

Responsible for the identification, architecture, design, delivery and operational methodologies of advanced information and cyber security monitoring, management and analytics platforms in support of the identification, measurement, control and minimisation of loss associated with uncertain information and advanced cyber security risks throughout the ICT and business environment. Including the development, documentation, implementation and monitoring of an Information risk management framework including policies, standards, procedures, and of security architectures to ensure delivery and awareness of sound Information Security management and operational practices company wide, including support and enablement of business objectives, compliance with national legislation and international standards. Ensuring directly and indirectly that the Information Security team researches and stays abreast of worldwide best practice and regulations. Provides business strategic direction, support and consultancy with respect to information security and cyber risk management practices and concerns within IT, network, finance, and business architectures, including applications, changes, solutions and operational processes.

Competencies

FUNCTIONAL KNOWLEDGE:

Advanced Information Security Technologies; Information Analytics and Methods for Security; Change Management and Change Risk; Information Risk Assessment and Management; Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Information Security Intelligence; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Assurance; Information Security Awareness

FUNCTIONAL SKILLS:

Analytical and investigative; Architect and design; Technology Awareness; Security & Cyber Threat Awareness; Communication and Interpretation; Decision making; Problem solving; Project and complex task management; Risk Awareness and explanation

ATTITUDES/LEADERSHIP COMPETENCIES:

Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership

Job Responsibilities

Information Security Analysis

Accountable for Security Data collection, Analytics, Interpretation, and reporting

• Creation and maintenance of advanced security analytics systems, methods, standards and benchmarks
• Ensure Regulatory and Security Policy Compliance and Business Risk alignment
• Manage Policy review, update and approvals process
• Maintain Information Security Strategy ensuring Business Strategy Alignment
• Ensure Information Security Awareness of Policy and Business Risks

Information Security Risk Management

• Ensure Information and Cyber Risk management strategy is data driven
• Report to Business on Enterprise Information Risk
• Ensure appropriate Research, Identification and Assessment of Information and Cyber threats to business (New and existing)
• Ensure and Manage Project and Change Consultation and Assessment of Risk

Information Risk assessment, rating, management, and resolution

• Represent Information Security in Technology, Governance and Business forums
• Monitor, Analyse, Assess and Report on Operational Security Assurance

Information Security Architecture

• Ensure Enterprise Security Architecture aligns with business requirements and risks
• Advise and recommend Technical Security direction in support of Enterprise Security Architecture
• Define, Assess and Communicate Information Security analytical elements within Business and IT Architecture

Information Security input to Business cases and projects to ensure measurability and analytic value

• Ensure Information Security Architecture requirements are met within all systems and processes
• Information Security Assurance & Compliance
• Ensure metrics, data collection, and analysis are appropriate for Security risk management
• Ensure Operational Security Service Level agreements are established, and monitored
• Ensure Security Operations Assurance and Delivery against metrics and trends
• Ensure technical framework for Security Operations compliance with policies, standards, and procedures
• Ensure provision and compliance of Security Operations Management and Security Operations Centre - Ensure Vulnerability, Incident and Event management processes are current

Required Certification

• Required at least one of: CISM, CRISC, CISSP, SABSA
• Optional: CISA, CGEIT, CoBIT, TOGAF, ITIL ISO27001 Implementer/ auditor

Qualifications

• Relevant 3 year Degree or Diploma in IT or Information Security (NQF level 6)

Experience

7 years or more practical experience in IT or Information Security, of which five years must include an IT, Network or Information Security role, with the last 3 years in an active Information Risk or Security Analytics role.

Special Requirements

• Prepared to work all hours as required.
• Valid driver’s license.
• No Criminal record.