SOUTH AFRICAN POST OFFICE (SAPO) - HSM / PCI ADMINISTRATOR
SOUTH AFRICAN POST OFFICE (SAPO)
INTERNAL & EXTERNAL
Job Title: HSM / PCI Administrator (C5)
(Position based in Head Office: Pretoria)
Reports to Head: IT Cryptography
Summation
The person in this position will be responsible for the installation, configuration, support and maintenance of the Hardware Security Module (HSM). Day-to-day duties include scoping review and validation, conducting periodic review exercises, maintaining compliance artefacts, identifying new or enhancing existing controls to mature the overall security posture, and partnering with IT and business stakeholders to maintain Postbank’s PCI compliance.
Key Responsibilities
Managerial and administrative Support
Report writing
Document Management
Presentation of results
Solution Design, Configuration and Support
Mitigate security risks and threats using industry standard frameworks
Conduct security vulnerability assessments and ensure that systems are regularly patched and maintained
Analyze information systems to ensure that appropriate security functions have been implemented in the systems design and architecture
Provide security and technical architecture guidance on HSM and data encryption solutions
Generate and manage security encryption keys
Installation, maintenance, and support of HSM
Perform queue manager backup and recovery in the HSM environment
Monitoring problems and escalating to vendor when needed.
Document procedures for Disaster Recovery purposes
Define hardware configurations
Document configurations and key ceremony procedures
Perform hardware and software upgrades and patches
PCI Administration
Work with all relevant departments to coordinate the gathering, approval and storage of PCI evidence that will be used as input to the PCI Report on Compliance and Self-Assessment Questionnaire.
Support PCI security awareness program
Support execution of internally performed and 3rd party audit activities in accordance with the PCI DSS.
Interface with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.
Minimum Requirements
Qualifications:
National Diploma in Information Technology (NQF Level 6)
Professional Security Certification (e.g. CISSP) will be an added advantage
Experience:
3-5 years of experience in information security or related IT experience
Minimum of 2 years’ hands-on experience implementing encryption solutions
PKI design experience including hands on experience with Certificate Authority, Certificate Enrolment Web Service, Revocation servers & HSMs
Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across applications, backup, database, endpoint device, email, file, network, removable media and storage domains
Knowledge and understanding of:
Knowledge of cryptographic algorithms, protocols, implementation and standards (e.g., AES, CMS, DES/TDES, DH, DNSSEC, ECC, IBE, Kerberos, IPsec, MD5, OpenSSL, RSA, SHA*, SSL/TLS and ANSI, IETF, NIST, FIPS, PKCS, PKI, PCI DSS)
Troubleshooting of digital certificate related issues
Ability to facilitate key ceremonies
Hands on experience/working knowledge with Unix/Linux, Wintel, Storage Technologies solutions and tools
Banking/Financial services industry experience will be an added advantage
Familiarity with all requirements of the PCI DSS compliance.
Functional understanding and working knowledge of security principles, standards and processes, such as authentication and access control, secure configuration, network segmentation and traffic analysis, endpoint security, platform architecture, application security, encryption and key management, change management, cloud security
Skills
Communication Skills (written and verbal)
Procedure development skills
Strong interpersonal skills
Planning and organizing skills
Ability to function independently
Customer orientation
Professional, influential and highly motivated
Problem solving skills
Ability to work under pressure
Ability to produce timely
Physical Mobility (including impact of physical constraints)
Valid Code B Driving License
Should be prepared to travel to sites, work overtime and do standby
Accountability
Installation, configuration, support and maintenance of the Hardware Security Module (HSM); assist with the evaluation, design and delivery of major new Crypto security technologies of Postbank; conduct security vulnerability assessments and ensure that systems are regularly patched and maintained; generate and manage security encryption keys; understanding of Information Security frameworks and best practices (e.g. ISO, NIST)
Direction
Should function independently with minimum supervision
Should be guided by the IT Infrastructure policies and procedures
CONTACTS
The South African Postbank SOC Limited is committed to achieving and maintaining diversity and equity in employment, especially with regard to race, gender and disability. In compliance with the bank's employment equity plans, first preference will be given to candidates from designated groups. Correspondence will be limited to short-listed candidates only.
If you wish to apply, please forward your Curriculum Vitae (CV) to recruitmentSN@postbank.co.za
Please indicate in the subject line the position you are applying for.
Closing Date: 09 June 2021
Position Number: 60066384
Cost Centre: 50800
Correspondence will be limited to short-listed candidates only. If you do not hear from the South African Postbank within 3 months of this advertisement, please accept that your application has been unsuccessful. The South African Post Office Limited reserves the right not to fill this position or to re-advertise the positions at any time.