Johannesburg: Specialist: IT Security posted by Tower Group

Responsible for the identification, measurement, control and minimisation of loss associated with uncertain information and cyber security risks throughout the ICT and business environment.

The development, documentation, implementation and monitoring of an Information Security management framework including policies, standards, procedures, and security architecture to ensure delivery and awareness of sound Information Security Management practices company wide, including compliance with national legislation and international standards.

Researches and stays abreast of worldwide best practice and regulations. Provides expert advice and consultancy with respect to risk management practices and concerns within IT and business architectures, applications, changes, solutions and operational processes

Information Security Governance

Create/ Maintain/ Communicate Information Security Policies and Standards.

Ensure Regulatory and Security Policy Compliance and Business Risk alignment.

Manage policy reviews, updates and approval process.

Support Security Governance Forum and ISMS Processes

Maintain Information Security Strategy and ensure business strategy alignment.

Information Security Assurance & Compliance

Ensure Information Security related Operational and Service Level Agreements are established.

Ensure Security Operations Assurance and Delivery.

Ensure Security Operations compliance with policies, standards, and procedures including PCI DSS.

Ensure provision and compliance of Security Operations Management and Security.

Operations Centre

Responsible for ensuring effective Vulnerability Management, Patch Management and Information Security Incident Management.

Information Security Risk Management.

Report on enterprise Information Risk.

Research, Identify and Assess Information threats to business.

Project and Change Consultation and Assessment of Risk.

Information Risk assessment, rating, management, and resolution.

Represent Information Security in Governance and Business processes.

Monitor, Assess and Report on Operational Security Assurance process.

Information Security Architecture

Ensure Enterprise Security Architecture aligns with business requirements and risks

Advise and recommend technical Security direction in support of Enterprise Security Architecture.

Define, Assess and Communicate Information Security elements within Business and IT Architecture.

Information Security input to Business Cases and Projects

Ensure Information Security Architecture requirements are met within all systems and processes.

Information Security Awareness

Ensure Information Security Awareness of Policy and Business Risks

Contribute to developing and implementing Information Security Awareness Programs and measuring the effectives thereof.

Understanding the IT Security discipline processes, concepts and best practices; Solid technical aptitude and knowledge; Understanding of what is happening in the ICT industry in general.

Knowledge in Risk Management; IT Technologies; IT Security, PCI DSS compliance.

Directing People; Exploring Possibilities; Generating Ideas; Interacting with People; Making Decisions, Developing Expertise, Providing Insights, Producing Output, Upholding Standards. Problem Solving

Minimum 3-year in IT Security experience.

Certifications: Relevant certification will be beneficial.

Relevant 3-year Computer Science, Information Management, Engineering or Business Degree/ Diploma (NQF level 6).

Alternatively, Grade 12 (NQF 4) with relevant IT Certification and/or equivalent years of experience

Driver’s license