Description
SBV seeks an Information Security Analyst L2 who will conduct all activities related to technology risks and remediations to protect the SBV ecosystem from potential threats including partnering with SBV Employees and vendors to drive a Cyber security conscious organisation.
Support Technology Transformation & Innovation in your area of responsibility
Support with developing and maintaining Cyber Security Road Map and interventions
Support with developing company-wide best practices for Technology security
Support improving the maturity, or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions.
Create and maintain appropriate standard operating procedures for the Cyber Security and information protection.
Support on Analysis & Planning Activities
Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and other factors that indicate security risks as per SLA.
Researching, investigating and developing proficiency in current and emerging threats, vulnerabilities, and security technology developments.
Play an active role in Technology Security Planning sessions, driving agenda and deliverables with all participants.
Support managing Vendor Strategy and roadmap for Information Security
Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate
Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks.
Support the Design for your area of responsibility
Work closely with other stakeholders to design, architect, consult and implement security solutions to ensure readiness for security technologies
In support of program design, gather client requirements and draft documentation in order to compile a draft project plan, only more complex programs need to be reviewed by the Information Security Officer
Identify the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects.
Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated
Draft procedures and or policies with regards to cyber security submitting them to the Information Security Officer for review and authorisation.
Implementation & Execution within mandate
Monitor and analyse Cybersecurity operational services, including intrusion detection and prevention, situational awareness of:
network intrusions.
security events.
data spillage; and.
Incident response actions.
Identify and resolve vulnerabilities in networks, servers, systems, and applications by performing vulnerability scans
Investigate improper access to ensure proper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements including but not limited to privilege account management.
Provide daily operational effectiveness reporting to the Information Security Officer
Create and update weekly dashboard view of cyber risk ratings in the organisation.
Prepare reports for circulation to the management teams related to investigations and threats for the month, this will also be rolled up into quarterly reporting.
Support with managing vendor resource deliverables to ensure quality and consistency of services
Audit vendor services and report on non-performance or execution deficiencies to the Information Security Officer.
Risk & Quality Management within one’s area of responsibility
Drives vulnerability testing, risk analyses and security assessments providing findings to the Information Security Officer
Maintain compliance with core risk management concepts, such as vulnerability management and threat intelligence.
Guide teams throughout the organisation, imparting knowledge to enable employees to become Technology Security champions
Create a collaborative program to coordinate and drive operational activities related to Cyber Security, including event and incident investigation, process development and optimization, playbooks, and exercise development.
Assists with managing vendor resource deliverables to ensure quality and consistency against SLA as per mandate
To be the point of contact that interfaces between vendors and business units during audits, assessments or security reviews as per mandate
Advise Technology business partners on regulatory, compliance (POPI, PAIA, etc) and/or legal requirements as it relates to securing of data.
Drive compliance regarding Information Security business continuity planning.
Create awareness of IT Security good practices to the relevant stakeholders through communication and training
Foster relationships within the organization in order to implement security interventions that are relevant to current business needs.
Work across the organization to present contextual risk information to business colleagues, influencing strategic and operational decisions.
Lead and collaborate on lessons learned and root cause activities, including incident response processes until closure with all relevant stakeholders.
Drive compliance with Cyber security Training, in conjunction with Organisational Development, and awareness including alerting and escalations of non-compliant staff
Develop security awareness by providing orientation, educational programs, and ongoing communication.
Develop, document and distribute how-to guides and update the internal knowledge base.
Adhere to Process and Policy
Strives for 0 data material breaches and findings in Audits
Drives any audit findings departmentally providing regular feedback to the Information Security Officer
Manage internal control framework ensuring internal controls are reviewed periodically by departments as well as driving internal control adherence and compliance
Create and maintain appropriate standard operating procedures for Information Security, including business continuity plans.
Establishes system controls by developing a framework for controls and levels of access, recommending improvements.
Comply with established security configuration standards and best practices.
Drive compliance of the audit framework
Monitor and drive compliance against the audit framework. Logical access, physical access, change management, security controls (hardware, software and data levels). Implement additional processes, such as Segregation of Duties, Password Safes and Audit trails, to address the risk posed by privileged Technology users.
Conduct reviews and assessments according to policies and standards set out (across PM Lifecycle and SDLC).
Conduct internal and external security audits, providing recommendations to close any potential gaps within the process and or system
Conduct technical security reviews and perform technical risk assessments.
Support the SBV United Ethos
Act as a coach or guide to new employees within the department, peers and others
Contribute to building a knowledge sharing culture within the department
Where applicable, take the opportunity to upskill oneself on future skill sets and other roles with the department/SBV.
Drive the organisation culture within one’s centre
Drive the department’s values while inspiring confidence and generating excitement, enthusiasm and commitment towards the mission.
Serve as a leader of the culture program driving the desired behaviours and encouraging employee engagement
Create and implement strategies in collaboration with Change Management & HR to evaluate and maintain employee satisfaction
Drive Transformation and BBB-EE initiatives to ensure sustainable alignment to the company scorecard.
Provide leadership to employees within the organisation, creating a winning culture and high morale Lead as an Ambassador and executor of Change
Act as a change management architect in periods of change to ensure continuity to operations
Effectively communicate and embed new processes and procedures as they occur addressing or escalating matters / concerns to the SME’s (subject matter experts) when required
Facilitate the necessary presentations, workshops or forums to ensure consistent and accurate communication is given across one’s centre/s.
Requirements
Minimum Requirements: Work Experience
5 Years’ experience within either an Information Security position or Cybersecurity, which include protection against social engineering, or security vulnerability remediation, of which:
2 Years’ IT administration experience
2 Years’ Ethical Hacking experience
In-depth knowledge of Cloud security platform (MS Intune / O365 Security, etc.)
In-depth knowledge of Firewalls and Malicious Code Defense including APT
Knowledge of Cybersecurity technical assessments, standards, tools, and processes
Knowledge of common attack vectors
Knowledge of Vulnerability assessment tools (Nessus, Nmap)
Endpoint and network security tools/techniques.
Minimum Requirements: Education
Bachelor’s degree in Information Security or similar.
Industry certifications such as CISSP, SANS/GIAC: GSEC, GCIH, GFCA, GCFE, GCIA; EC-Council: CEH, ECIH, CHFI, ECSA; Security+; Tenable: TCNU, TCNA, TCSE, ISO27001 (Candidates with certifications will be given preferential reviews).
NB: Communication will be limited to shortlisted applicants only.
SBV recruitment is committed to transformation and diversity alignment.
Work Level
Management
Job Type
Permanent
Salary
Market Related
EE Position
Yes
Location
Selby
#J-18808-Ljbffr