- Published on
NATIONAL STUDENT FINANCIAL AID SCHEME (NSFAS) - DIGITAL RISK ANALYST
NATIONAL STUDENT FINANCIAL AID SCHEME (NSFAS)
The following vacancy exists at NSFAS in Cape Town.
Position: Digital Risk Analyst
Type & Grade: Permanent, Grade 11
Vacancy No: 42 of 2020/21
Department & Unit: Governance Risk and Compliance
POSITION OVERVIEW:
The Digital Risk Analyst has strong technical skills in a wide range of ICT domains and reports to the Senior Manager: Digital Risk as a member of the NSFAS GRC Team. This position will be required to perform second-line control and risk functions related to Information Security, Cyber Security and Digital Forensics in the areas of Information Security Governance; Human Resource Security; Physical and Environmental Security; Supplier Relationships; Information Security Incident Management; Operations Security and Communications Security.
RESPONSIBILITIES:
• Assist the NSFAS Senior Manager: Digital Risk by,
• Providing technical information, cyber and digital forensics support to other GRC units including Internal Audit, Forensics, Legal and Compliance.
• Implementation and performing of second-line information, cyber and forensics related controls.
• Fulfilling, logging, managing and escalating incidents, participating in problem and change management processes related to information, cyber and digital forensics risk.
• Deployment and management of Digital Risk solutions and systems including applications and infrastructure.
• Participate on NSFAS projects to ensure that information, cyber and forensics risk is factored into the evaluation, selection, design, deployment and maintenance of systems.
• Reporting on the status of controls, incidents, projects and compliance.
• Researching, assessing and recommending systems and configuration standards and requirements for securing NSFAS systems.
• Internal and external security related audits, digital forensic recovery and investigation threat modelling, penetration testing, security scanning and testing configuration baselines.
• Implementation and successfully completing second-line controls tests.
• Following approved processes in fulfilling and tracking of GRC requests, incidents, updates, resolution and reporting.
• Provide accurate and on time input to management reports on agreed metrics, evidence as required and advise or report on recommended actions.
• Ensure that Digital Risk infrastructure and systems are available, configured, capacitated and managed as required.
• Providing input and evidence as required and advise or report on recommend actions aligned to OEM recommendations, industry standards and frameworks and internal policy.
• Reading, interpreting and applying technical data manuals and related documents.
• Keep abreast of emerging security technologies, software and methodologies.
• Researching and providing technical and budgetary information for proposed digital risk solutions and providing input for RFQ's and RFP's.
• Share system and industry knowledge with NSFAS staff, capacitate team members in order for them to operate in a relevant and effective manner.
• Effective time management, prioritizing requests, organize, schedule and co-ordinate tasks and projects.
• Implementation and successfully completing second-line controls tests.
• Following approved processes in fulfilling and tracking of GRC requests, incidents, updates, resolution and reporting.
• Provide accurate and on time input to management reports on agreed metrics, evidence as required and advise or report on recommended actions.
• Ensure that Digital Risk infrastructure and systems are available, configured, capacitated and managed as required.
• Providing input and evidence as required and advise or report on recommend actions aligned to OEM recommendations, industry standards and frameworks and internal policy.
• Reading, interpreting and applying technical data manuals and related documents.
• Keep abreast of emerging security technologies, software and methodologies.
• Researching and providing technical and budgetary information for proposed digital risk solutions and providing input for RFQ's and RFP's.
• Share system and industry knowledge with NSFAS staff, capacitate team members in order for them to operate in a relevant and effective manner.
• Effective time management, prioritizing requests, organize, schedule and co-ordinate tasks and projects.
DESIRED SKILLS AND EXPERIENCE
• A NQF level 7 qualification, preferably Bachelor’s Degree in Information Systems or related.
• Minimum 7 years in experience in ICT or information security.
• Strong technical background in multiple ICT Domains (preferred - digital forensics, security and compliance, cyber security)
• Relevant ICT certifications.
• Driver’s license with own transport.
• Strong MS Office skills.
• Working after hours as required.
• Good written and verbal communication skills (in English).
• Strong problem-solving skills and attention to detail.
• Strong investigation, report writing and research abilities.
Recommendations:
• Certified in ISO/ IEC 27001
• CISSP/ CISA/CISO certified or similar
• Other relevant certifications, RESILIA/COBIT/ ITIL or similar
• Digital Forensics and Readiness, recovery and investigation. (Encase, Autopsy, Tableau)
• Experience with Office 365 security, compliance and auditing.
• Experience with penetration testing tools and vulnerability scanners, Nessus, Arachni, FOCA, etc. (KALI, Maltego, Burp Suite, Arachni, OWASP)
• Experience with Infrastructure and application monitoring and management tools and software.
• Security Information and Event Management solutions, vulnerability scanning and penetration testing and enhancing web application and network security. (Nessus, Checkmarx SAST).
• Experience with SIEM solutions (Alien Vault, etc.)
• Experience with security infrastructure, firewalls, Web Proxies, WAF, IPS, etc. (preferred - Cisco ASA and FortiGate)
• Experience with networking technologies, LAN, WAN, DMZ, etc. (preferred - Cisco and HP)
• Experience with web application and security technologies (preferred – F5, Barracuda, URL policies and security, Cookie Security, SQLi, XSS, LFI, RFI, DDOS)
• Experience with server and infrastructure services, MS Windows Server, Exchange, Active Directory, etc.
• Experience with server virtualization (preferred – VMWare)
REMUNERATION & BENEFITS
Remuneration Package: R 739 180 - R 870 726 per annum
Total Cost to Company per annum inclusive of all benefits and company contributions.
PLEASE NOTE
Closing date: 1 February 2021
Interested applicants should send detailed Curriculum Vitae, copies of academic qualifications and names of three contactable referees to Ms. Fayroes Sherry via email jobs@nsfas.org.za.
NSFAS do not consider late applications. Staff on Leave must ensure that they check the NSFAS portals for advertised vacancies and familiarize themselves with the respective closing dates. NSFAS only corresponds with Shortlisted Candidates. If you do not hear from NSFAS within 2 months of the closing date, please consider your application unsuccessful.
** NSFAS committed to employment equity. Preference will be given to candidates who improve employment equity considerations **
10 Brodie Road, House Vincent, 2nd Floor, Wynberg, Cape Town, 7700 | Private Bag X1, Plumstead, Cape Town, 7800
Tel No.: 0800 067 327 | 021 763 3200 | Email: jobs@nsfas.org.za