Specialist: Cyber Security at Transnet

Position Purpose

• Providing security support through monitoring, analysis, detection and mitigation of threats against Transnet environment.
• Evaluates the effectiveness and efficiency of existing security control measures
• Identifies the vulnerabilities that may cause inappropriate or accidental access, destruction, or disclosure of information and e stablishes security controls to eliminate or minimise exposure.
• Information security analysts plan and carry out security measures to protect the organization's computer networks and systems. The responsibility of the information security analyst is continually expanding as the number of cyberattacks increases.

Position Outputs

•  Monitor the organization's networks for security breaches and investigate a violation when one occurs  Analyse the installation the use software, such as firewalls and data encryption programs, to protect sensitive information  Prepare reports that document security breaches and the extent of the damage caused by the breaches
•  Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they  can be exploited.  Research the latest information technology (IT) security trends  Develop security standards and best practices for their organization  Recommend security enhancements to management or senior ICT staff
•  Create awareness with computer users when they need to install or learn about new security products and procedures  Through a continuous improvement programme, review security in existing technologies and propose improved solutions.  Work with the Information Security Architect to propose changes to the architecture.  Establish relationships with business representatives and with key external information risk, security, and governance and compliance bodies and evangelise the information security cause to uplift the image of information security and Transnet  Enterprise Information Management Services with both internal and external key stakeholders.  Conducts studies within and outside the organization to ensure compliance of the Transnet Information Security Framework with laws, regulations standards and currency with industry security norms.  Develop and maintain a project security risk template to quickly assess the need for security resources on all new/existing projects within Transnet.  Facilitate the rollout of the project security template to all projects in the group.  Provide a security consulting service on all Transnet projects, EIMS, Information Security Architecture and OD IMS.
• Provide a detailed security design and facilitate the implementation thereof for all projects within the group based on a risk  assessment in accordance with the security template.  Development / updating of Information Security related policies and standards for existing or new complex technologies  deployed within the enterprise.
• Provide input into the development and maintenance of the strategies, policies and standards for Information Security,  Business Continuance and IT Risk & Compliance.  Have continuous understanding of the Transnet information security landscape and perform investigations into solutions  (people, process, technology) to mitigate real threats.
• Work with the EIMS Risk function to ensure Information Security Risks are adequately captured, controls identified and  ongoing mitigation actions are implemented.  Perform pre and post implementation security review of key technology implementations.
• Investigate and in conjunction with the Security Architect drive the use of innovative security technology that balances ease of access to information with requirements for security thereof in order to drive and support the Market Demand Strategy.

Qualifications and Experience

• Relevant Qualification / National Diploma ICT/Computer Science/Information Technology (NQF 6/7) Advantageous: Transnet leadership Development Programme, Min 5 years’ relevant experience in a large enterprise, preferably with 1 yr supervisory or specialist experience, including, but not limited to, risk management, IT audit, information security, application development, operations, project management, operations. CISA, CISM or CISSP, ISO 27001, SSCP (systems security certified practitioner), ISSAP, ISSEP, ISSMP (CISSP Concentrations), CCSA, CHFI (or other equivalent) – computer hacking forensics investigations certified will be advantageous.