Job summary

Location:
Cape Town, South Africa, Africa
Career Level:
Senior (5+ years of experience)
Education:
Diploma
Job type:
Full time
Positions:
1
Salary:
Negotiable

IT Security Officer – Financial Services AA/EE (Cape Town)(Ref 117)

About this job

 Responsibilities

Develops and manages an information security programme: 
• Designs and leads an enterprise-wide information security programme to identify, assess and mitigate risks.
• Writes, implements and maintains security policies and procedures.
• Establishes an effective reporting and escalation process.
• Appraises and guides the executive team on all aspects of information security, including trends, threats and vulnerabilities.
• Assesses the impact of business process changes, architecture changes, technology changes and application changes on the information security controls

 

Leads Solution Development and Maintenance: 
• Leads / oversees and works with Service Providers on system upgrade strategies.
• Leads the architecture, design, implementation, and maintenance of complex solutions.
• Identifies, screens and evaluates new solution opportunities to address business requirements.
• Works with leadership and service providers to ensure timely introduction and withdrawal of project and products in line with company business plan and strategy.
• Shares knowledge of technology risks and opportunities.

Implements the Information Security Strategy: 
• Develops and implements the information security strategy and governance framework which is consistent with Group information security objectives and industry best practices.
• Proactively works with IT management to implement and integrate information security procedures, standards and controls into the day-to-day operations.

Manages Information Security Technologies: 
• Manages Information Security technologies including identity and access management, penetration testing, identity theft, denial of service (DoS) attacks, hacking techniques, access list management, user authentication, data encryption, vulnerability scanning, intrusion detection, email scanning, web content filtering, virus management and security testing.
• Keeps abreast of developments in the areas of legal, regulatory, corporate requirements, technological developments and best practices in the information security field.


Risk Management: 
• Work closely with auditors, and drive the necessary remediation of information security findings
• Assist in identifying and mitigating information security related risks
• Conduct risk assessments on third parties to ensure compliance of information security standards
• Assess cloud vendors and provide input on security within cloud environments
• Advise and participate in the business continuity and disaster recovery plans

Application Security – Automation:
• Define the information security requirements for SDLC
• Facilitate information security code reviews
• Drive security automation into the DevOps processes

Operational Security: 
• Drive the vulnerability and patch management programme
• Coordinate technical information security assessments and penetration tests, as well as drive remediation
• Ensure information security awareness training is implemented within the organisation
• Manage the information security products and support vendors
• Act as a key approver in the context of change management, specifically with regard to all changes requiring information security oversight

Security Architecture: 
• Review, provide input, and approve solution designs from an information security perspective
• Define and drive security architecture





Duties

 Education

• BCom Computer Science, Informatics or Auditing or an Engineering degree essential
• CISSP 
• Postgrad qualifications and certificates in OSCP, CISM, CISA will be advantageous

Competencies, skills and behavioural attributes

• Analysis and Attention to detail 
• Troubleshooting/Problem Solving 
• Planning and Organising 
• Building Strategic Relationships / Networking 
• 8 years’ experience in Information Technology 
• 5 years’ experience in enterprise information security architecture related roles and experience in technical analysis, vulnerability scanning and information security assessments
• 5+ years’ experience and knowledge of BS27000, COBIT, SDLC methodologies and ITIL
• 3-5 years’ experience in leading and managing information security discipline
• 5 years’ experience in establishment and maintenance of information security architecture 
• 5 years’ experience in technical implementation of the required information security controls

