Security Specialist

Posted 4 months ago

Experienced and Ethical Security Professional who can assist with ISMS operation and maintenance to advance Security maturity of the organisation and deal with technical escalations security and product architecture as necessary.

Recommended experience :
  • Risk Management experience
  • Risk-based Security Architecting orchestrating a wide variety of controls
  • Working in team(s) to create security by implementing, operating and maintaining a variety of systems to protect against attacks and systems to monitor for and to recover from the attack.
  • Working with other teams sharing knowledge on risk and attack vectors and situationally correct technical and physical controls. Create, operate and maintain administrative security controls
  • Penetration Testing Knowledge preferable (demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity and be able to act as external threat actor)
  • Attack and defend all forms of Web Systems and application vulnerabilities
  • Automation of tasks with scripts (Python preferable) to create tools and systems to enhance security analysis and improve metrics.
  • Reduction findings by creating high quality, correctly abstracted reports with an actionable recommendation.
  • Improvement of Security governance program (Legal, policy & Compliance) to achieve a higher level of Organisational Security Maturity
  • ISO 271001 ISMS
  • PCI compliance
  • POPI compliance
  • Security operations management
  • Business Continuity & Disaster Recovery
  • Passion for Information Security, ensuring usefulness by assisting the organisation to prevent, find and remediate security vulnerabilities and incidents while maintaining personal knowledge level to what is currently relevant
  • Analytical thinker with a strong understanding of the business versus security requirements balance and security as part of business needs
  • Can-do attitude and ability to back it up with the correct level of knowledge, ability to do quality research and strong work ethic
  • Strong written and oral communication skills with the passion to share knowledge on improving information security
Duties and responsibilities:
  • Assistance with implementation/operation of business-aligned ISO27001 ISMS and other compliance programs
  • Assist in creating and improving documentation standards, templates and processes to record and report security information
  • Update documentation to ensure that Security policies and systems and approved scope remains congruent and current
  • Assist with the development of Information Security Asset list(s) for assessment and risk management activities
  • To assist with measurement & reporting system to gain an understanding of resource and system security performance
  • Gather information on changes in regulatory/judiciary environment on a regular basis and report those to management
  • Check, record and identify inadequacies in the implementation of the security
  • Assist in identifying risks and threats identifying various risk treatment controls that can be analysed from cost/performance perspective
  • Assist with the development of training programs focussed on security and compliance awareness
  • Actively participate in various security forum meetings
  • Assist with analysis, the creation of presentations to give management insight into information security activities
  • Assist to align contracts and projects with organisation’s security needs
  • Support auditing and test activities
  • To assist in developing and testing DRP and BCP to ensure effectiveness
  • Manage or conduct penetration tests against Vodacom networks and applications when necessary
  • Collaborate with multiple teams across the organisation
Minimum qualifications (Minimum qualifications required to perform this role successfully):
  • Appropriate industry security experience at least 5 years’ experience in various domains doing Information Security. (10 years + preferable) or similar qualification(s) e.g. CISSP, CISM, CCISO
  • ISO/IEC27001:2013 Foundation and experience in working in an ISMS driven environment
  • Networking Security Qualification like CCNA Security, F5-CA, JNCS-SEC, NSE4 or equivalent with extensive experience resulting in a strong practical network understanding
  • Demonstrable knowledge of training and experience on as many Operating System and Application Service platforms as possible with a good understanding to secure and harden the systems
  • Demonstrable knowledge of training and experience on a wide range of different Security products
  • Demonstratable knowledge of cloud computing and virtualisation
  • Demonstratable knowledge of Data Centre Operations
  • Knowledge of IOT and SCADA advantageous
  • Penetration Testing qualification like CEH, ECSA, CPT, CEPT, GPEN, OCSE or OSCP with Penetration Testing experience advantageous

Job Features

Job CategoryIPE

Apply Online