Job Opening at Gautrain Management Agency

Job description

Purpose: The Information Security Compliance Specialist is primarily responsible for the assurance of, and the compliance to, information security practices and controls related to the availability, integrity and confidentiality of all GMA’s business information in compliance with the organisation security policies and procedures, standards, regulations and law.

Requirements: A Certificate or current studies in Information Technology or Information Security fields or Equivalent. A diploma or degree will be an added advantage. Minimum 2 years’ experience in the Information Security field; 4 years information security industry experience will be an added advantage. Applicants must have solid experience in:
Developing and reviewing of Information security policies and standards in relation to Regulatory Frameworks relevant to Information Technology;

• Working with Information security systems, with a strong focus on technology platforms such as firewalling and identity governance systems;
• Reviewing and analysing all aspects of information technology operations;
• Information technology systems, with a strong focus on Microsoft technologies, networking technologies and networking peripherals;
• Information security risk management;

Key Responsibilities:

• Information Security Standards and Guidelines.
• Develop and evaluate information security standards in compliance with information security policies, standards and guidelines in order to promote the security and uninterrupted operation of computer-based application systems within the GMA.
• Provide input into the development of information security policies, standards and procedures.
• Administer system and information ownership; information and data classification guidelines and standards.
• Function as an internal consulting resource on information security issues.

Information Security Awareness and Assessments.

• Development and delivery of an education and training awareness program on Information Technology, cyber security, and privacy for employees, consultants and other authorised users.
• Delivery of information security awareness programme.
• Conduct information security assessments for employees, consultants and other authorised users.
• Inform users about security measures and explain potential threats.

Information Security Compliance and Reporting.

• Assess GMA’s ICT compliance with respect to information security policies, procedures, standards and guidelines.
• Assess the impacts on system modifications and technological advances.
• Review systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
• Participate in Disaster Recovery exercises.
• Compile compliance reports

Information Security Risk Management

• Maintain an IT risk assessment program targeting information security and privacy aligned to the organisation-wide risk assessment framework.
• Identify and manage information security risks.
• Maintain the ICT Risk Register.
• Monitor and evaluate information security threats.
• Research, develop, test and review information security initiatives in order to protect information and prevent unauthorised access.
• Review information security controls.
• Review and analyse security events and usage on IT networks and systems.
• Relationships with employees, stakeholders and service providers.
• Build and maintain relationships with the GMA’s employees, stakeholders, service providers, researchers and other stakeholders.

The GMA is an equal Opportunity and Affirmative Action Employer and is committed to the achievement and maintenance of diversity and equality in employment, especially in respect of race, gender and disability as per the  GMA Employment Equity Plan and Numerical Targets.