- Published on
NATIONAL STUDENT FINANCIAL AID SCHEME (NSFAS) - INFORMATION SECURITY ANALYST
NATIONAL STUDENT FINANCIAL AID SCHEME (NSFAS)
The following vacancy exists at NSFAS in Cape Town.
Position: Information Security Analyst
Type & Grade: Permanent (Grade 11)
Vacancy No: 3 of 2020/21
Department & Unit: Governance Risk and Compliance: Information Security
POSITION OVERVIEW:
The Information Security Analyst has strong technical skills in a wide range of ICT domains and reports to Senior Manager: Information Security as a member of the NSFAS Governance Risk and Compliance Team. This position will be required to perform strategic and tactical information security functions. Specifically related to Governance, Risk Management, Training & Culture, Information Sharing, Information Security Controls and Incident management and supporting information security related projects.
RESPONSIBILITIES:
Assist the NSFAS GRC Team in:
• Developing and implementing an information security program and security projects that address identified risks and business security requirements.
• Monitoring and report on compliance with security policies, as well as the enforcement of policies within business units.
• Recommending and coordinate the implementation of IS controls to support and enforce defined security policies.
• Ensuring audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Gathering, analyzing and assessing the current and future IS threat landscape, as well as providing a realistic overview of risks and threats, security trends and practices, and laws and regulations in the environment.
• Researching, evaluating or recommending new or updated IS hardware or software, and analyse its impact on the existing environment.
• Drafting of policies, processes and procedure documentation.
Through,
• Internal and external security audits
• Risk analyses and assessments
• Access Control systems and frameworks
• Metrics for ongoing performance measurement and reporting
• Redundancy, high-availability, Disaster Recovery Planning and Business Continuity Planning
• Monitor systems and networks for intrusions
• Anticipate security alerts, incidents and disasters and reduce their likelihood
• Conduct data breach and security incident investigations
• Threat modelling
• Network and application penetration testing
• Source code review
• Produce detailed incident reports and technical briefs
• Research and report writing
• Evaluating changes in terms of IT risk and impact
• Reading, interpreting and applying technical data manuals and related documents.
• Keep abreast of emerging security technologies, software and methodologies
• Completing functional and technical tender and bid specifications.
• Effective time management, prioritizing requests, organize, schedule and co-ordinate tasks and projects.
• Gathering, analyzing and assessing the current and future IS threat landscape, as well as providing a realistic overview of risks and threats, security trends and practices, and laws and regulations in the environment.
• Researching, evaluating or recommending new or updated IS hardware or software, and analyse its impact on the existing environment.
• Drafting of policies, processes and procedure documentation.
Through,
• Internal and external security audits
• Risk analyses and assessments
• Access Control systems and frameworks
• Metrics for ongoing performance measurement and reporting
• Redundancy, high-availability, Disaster Recovery Planning and Business Continuity Planning
• Monitor systems and networks for intrusions
• Anticipate security alerts, incidents and disasters and reduce their likelihood
• Conduct data breach and security incident investigations
• Threat modelling
• Network and application penetration testing
• Source code review
• Produce detailed incident reports and technical briefs
• Research and report writing
• Evaluating changes in terms of IT risk and impact
• Reading, interpreting and applying technical data manuals and related documents.
• Keep abreast of emerging security technologies, software and methodologies
• Completing functional and technical tender and bid specifications.
• Effective time management, prioritizing requests, organize, schedule and co-ordinate tasks and projects.
DESIRED SKILLS AND EXPERIENCE
Minimum requirements:
• Post matric qualification.
• At least one entry level information Security certification i.e. RESILIA/ ISO27001/ CISSP, CEH, etc.
• Strong technical background in multiple Information Security Domains
• Minimum 5 years in experience in ICT
• Driver’s license with own transport
• Strong MS Office skills
• Working after hours as required
• Good written and verbal communication skills (in English)
• Strong problem-solving skills and attention to detail
• Strong investigation and research abilities
Recommendations:
• Bachelor’s Degree in Information Systems or related
• RESILIA/ ISO27001/ CISSP/ CISA certified or similar
• COBIT/ ITIL certified or similar
• Experience in LAN, WLAN and WAN networking technologies, etc. CCNA/CCNP/CCDP certified or similar (preferred - Cisco and HP)
• Experience in LAN, WAN, DMZ security, firewalls, WAF, IPS, etc. CEH/FCNSA/CCNA: security certified or similar (preferred - Cisco ASA and Fortigate)
• Experience with web application security and firewalls (preferred - Barracuda)
• Experience with MS Windows, Server, SQL, Exchange, Active Directory, etc.
• Experience with VMWare
• Experience with Linux - Kali, Ubuntu, Debian, Centos, Redhat, Fedora, etc.
• Experience with SAN and Backup technologies, etc.
• Experience with programming and scripting languages, Html, Java, Python, etc.
• Experience with penetration testing tools and vulnerability scanners, Nessus, Arachni, FOCA, etc.
• Experience with SIEM solutions, Alien Vault, etc.
• Experience with Infrastructure and application monitoring and management tools and software.
Personal attributes:
• Structured, methodical and detail focused
• Professional communicator
• Self-motivated, and innovative
REMUNERATION & BENEFITS
Remuneration Package: R 731 862 – R 862 105 per annum
Total Cost to Company per annum inclusive of all benefits and company contributions.
Benefits and Conditions: Compulsory Medical Aid, Pension Fund & Annual Bonus
Included in the above remuneration is the company contribution to our compulsory pension fund (15%), medical aid contributions and an annual bonus.
PLEASE NOTE
Closing date: 07 May 2020
Interested applicants should send detailed Curriculum Vitae, copies of academic qualifications and names of three contactable referees to Ms. Fayroes Sherry via email jobs@nsfas.org.za. NSFAS do not consider late applications. Staff on Leave must ensure that they check the NSFAS portals for advertised vacancies and familiarize themselves with the respective closing dates. NSFAS only corresponds with Shortlisted Candidates.
If you do not hear from NSFAS within 2 months of the closing date, please consider your application unsuccessful.
“NSFAS is committed to providing equal opportunities and practicing affirmative action employment. It is our intention to promote representivity (race, gender, disability) in the organisation through filling of this position and candidates whose appointment will promote representivity will receive preference. “
10 Brodie Road, House Vincent, 2nd Floor, Wynberg, Cape Town, 7700 | Private Bag X1, Plumstead, Cape Town, 7800
Tel No.: 0800 067 327 | 021 763 3200 | Email: jobs@nsfas.org.za