IT Security Specialist – IT-Online


Legal requirements: SA citizen / permanent resident or valid SA work permit
Successful credit and criminal checks
Qualification: Graduate Diploma in Information Systems / Engineering (BSc IT, BCom IT)
Reports to: Group Cybersecurity
Location: Hybrid (Centurion office and home office)
Experience: Minimum 6 years of experience in the field of information security.

General objective of the position:
Manage day-to-day operations and effectiveness of security-related programs and initiatives, assess costs associated with potential threats and solutions needed to eliminate or minimize threats. Lead service areas to provide assistance, guidance, problem resolution and technical information to internal and external customers regarding information and cyber security.

Basic skills and experience:

  • General programming/software development concepts and software analysis skills.
  • Thorough understanding and practical experience of IT infrastructure and networks.
  • Thorough understanding and practical experience of physical perimeter security.
  • Experience with hackers and hacking.
  • Experience in assessing and implementing security and risk standards including ISO 2700X, NIST, ITIL, COBIT
  • Systems security skills in assessment, design, architecture, management and reporting
  • Perform information security assessment against EY methodology, best practice frameworks and common standards.
  • Conduct attacks and penetrations on infrastructure, network, web applications and source code review.
  • Minimum 6 years of experience in the field of information security.
  • Must be proficient in ISO 27001 and PCI DSS implementation
  • Must have knowledge of cloud security basics
  • Experience in performing technical activities such as VAPT, configuration reviews and technical exception handling.
  • Experience in cybersecurity incident management
  • Experience in customer relations
  • Experience managing key stakeholders and organizational leadership teams
  • Team management experience

Main responsibilities:

  • Define the content of security and risk policies and guidelines
  • Creates the information security management system and supports its definition
  • Defines operating modes and cybersecurity rules
  • Accompanies the definition of guidelines for the analysis of cybersecurity risks
  • Defines security requirements for important projects and initiatives
  • Defines and delivers awareness programs
  • Defines activities relating to access governance issues, in terms of request flow management, authorization role mapping, authorization management, user recertification
  • Defines the evaluation program
  • Threat modeling, security architecture, authentication technologies
  • Review and implement security patch management.
  • Oversees/Completes security testing of applications and systems
  • Oversees/conducts activities related to data and application protection and activity logging
  • Oversees the control of protection levels and compliance with cybersecurity rules
  • Supervises, identifies, prevents and reacts to attacks of a cyber nature through analysis and control actions, via instruments and internal and external information sources
  • Conduct attacks and penetrations on infrastructure, network, web applications and source code review.
  • Help the business and customer manage business continuity and disaster recovery
  • Oversees related activities
  • Assists clients in the design and implementation of their identity and access management solutions
  • Assist the company and the customer in managing information protection and data privacy.
  • Prevention of internal fraud and cybercrime
  • Guides and controls the cybersecurity operations of defense units under the responsibility of other business functions (logical and physical security)
  • Performs cybersecurity activities for Group companies, with the aim of maintaining adequate levels and protection measures
  • Oversees the management of cybersecurity incidents and those related to fraud
  • Operationally supports the management of internal fraud prevention and electronic crime issues, collaborating, as appropriate, with fraud management functions
  • Management of relations with Authorities, Law Enforcement Agencies and other qualified organizations (e.g. CERT) on the issue of Cybersecurity
  • Manages internal fraud prevention and e-crime matters, in conjunction, as provided, with fraud management functions
  • Manages relationships with authorities, law enforcement and other qualified agencies (e.g. CERT) on the issue of cybersecurity
  • Validates responses to calls for tenders and coordinates bid management activities for the part under his responsibility
  • Help IT and software factory teams meet security requirements and measure implementation effectiveness.
  • Plan, manage and execute security audits of external vendors and customers
  • Be a focal point for all customer security projects.

The company may include or exclude any task that may be necessary in the interest of the company at its discretion in the range of services and/or tasks to be performed by the employee.

The mission and activities described in this job description are not an exhaustive list of the day-to-day responsibilities of the job holder and are subject to change. They can be modified or supplemented to reflect changes in society.

Desired skills:

  • IT security
  • Information security
  • Risk management
  • Compliance Management
  • SOC
  • Security Operations Center
  • Risk management methodologies
  • Compliance Management Methodologies
  • Security management

Desired work experience:

Desired level of qualification:

About the employer:

Formed in South Africa over 20 years ago, specializing in the development of major financial system infrastructures. A key player in central banking with over 9,000 employees in 60 offices worldwide.

Employer and Benefits:

  • Provident fund
  • Medical aid

Find out more/Apply to this position
