SOUTH AFRICAN SPECIAL RISK INSURANCE ASSOCIATION (SASRIA)
SENIOR IT SECURITY SPECIALIST

DETAILS
Closing Date: 2023/07/03
Reference Number: SAS230620-2
Job Title: Senior IT Security Specialist
Job Type: Permanent
Division: Business Change and Technology
Department: IT GRC
EE Occupational Levels: Level 4 & 5: Skilled, Technical and Academically Qualified
Location – Town / City: Johannesburg
Location – Province: Gauteng
Location – Country: South Africa

Job Advert Summary
Purpose of the job: To actively protect the organisation’s information technology assets and infrastructure from external or internal threats and to ensure compliance with statutory and regulatory requirements regarding information security and privacy. Also, to ensure security controls are implemented and managed across the organisation and to improve the overall security posture while maintaining the integrity of the Sasria brand.

Minimum Requirements
Qualifications:
• Information Technology (IT) related bachelor’s degree/Diploma as recognized by SAQA
• Any three (3) of the IT security certifications, e.g.: CompTIA Security, Cisco certified, Fortinet certified, CISSP, ITIL, COBIT
Experience:
• 6 years+ of Information and Technology security experience with advanced knowledge of the following technology environments: Darktrace Technology, Fortinet Firewalls, Zscaler Technology, Mimecast, CrowdStrike, and familiarity with industry SIEM solutions.

Duties and Responsibilities
Duties and responsibilities include but are not limited to:

Cyber Security Program
• Understand Sasria’s strategy and the cybersecurity implications to enable digital trust within Sasria’s operations and platforms.
• Design, configure, deploy, and maintain security controls to safeguard Sasria’s infrastructure.
• Actively protect the organization’s information technology assets and infrastructure from external or internal threats and ensure compliance with statutory and regulatory requirements regarding information access, security, and privacy.
• Analyse problems, and recommend solutions, products, and technologies to meet business security and information security objectives.
• Perform security assessments for all systems and applications and check for compliance with cybersecurity standards and regulations in projects and new systems design implementation.
• Interpret the cybersecurity strategy and framework.

Data protection and encryption
• Understand organizational information data flow and maintain an inventory of data to ensure sensitive information is identified and protected adequately.
• Understand the data classification framework and implement controls as per sensitivity levels.
• Ensure protection of data with advanced data encryption, data masking, or tokenization, to protect data across applications, transactions, storage, and big data platforms, on endpoints, servers, databases, and cloud environments.

Network, Web and Endpoint Security and Monitoring
• Build, maintain and upgrade security technology, such as firewalls, web application firewalls, network access controls, web security controls, and endpoint security controls, for the safe use of computer networks and the transmission and retrieval of information during business operations.
• Maintain the malware and destructive activities policy rules across security platforms to ensure business continuity while security is maintained.
• Coordinate monitoring of networks or systems for security breaches or intrusions across Cloud and On-premises platforms.

Threat and Vulnerability management
• Lead threat landscape assessment and situational awareness through an understanding of the vulnerability management program.
• Ensure vulnerability assessments and penetration tests are performed periodically.
• Analyse and interpret vulnerability results and facilitate remediation of identified vulnerabilities in conjunction with other IT departments and business application owners.
• Provide reports to various forums on the vulnerability management program.

Physical Security
• Support facilities with the implementation of physical security measures designed to deny unauthorized access to Sasria premises.
• Ensure robust and fit-for-purpose access controls, surveillance cameras, and intrusion systems.
• Ensure advanced controls are in place for high-risk areas such as data centers and computer storage areas.

Disaster Recovery and Business Continuity
• Support the development of disaster response and recovery strategies within Sasria.
• Ensure seamless transition between Sasria and the disaster recovery site during security breaches or other business interruptions.
• Troubleshoot security and network problems to maintain a fit-for-purpose DR site and business continuity plans.

Incident Response and Third Line Support
• Provide second-line support to users with any Information Security related queries within the SLA period.
• Provide technical support to computer users for installation and use of security products.
• Oversee and provide advanced support on open issues (e.g. customer-logged tickets, incidents, projects, etc.).
• Assist in incident response for any breaches, intrusions, or theft.

Perform ad hoc duties
• Continuously develop information security standards and best practices to respond to the changing environment.
• Follow the Procurement processes to purchase and identify the right service providers for security services.
• Oversee third-party service delivery in line with defined service level agreements.

POLICY
We are committed to Employment Equity when recruiting internally and externally. It is company policy to promote from within wherever possible. Therefore, please be aware that internal candidates will be considered first before reviewing external applicants, provided that this supports achievement of our Employment Equity goals.

SENIOR MANAGER: IT GOVERNANCE, RISK AND CYBER SECURITY

DETAILS
Closing Date: 2023/07/03
Reference Number: SAS230620-1
Job Title: Senior Manager: IT Governance, Risk and Cyber Security
Job Type: Permanent
Division: Business Change and Technology
Department: IT GRC
EE Occupational Levels: Level 7: Middle and Senior Management
Location – Town / City: Johannesburg
Location – Province: Gauteng
Location – Country: South Africa

Job Advert Summary
Purpose of the job: To drive the successful delivery of the IT Governance, Risk and Cyber Security, strategy implementation and the effective running of the Office of the CIO by ensuring the attainment of the Sasria objectives internally and externally.

Minimum Requirements
Qualifications:
Information Technology (IT) related Bachelor’s Degree at NQF level 7 as recognized by SAQA
Post Graduate Degree/Diploma (Advantageous)
Any two (2) of the following:
• IT Governance certifications: ITIL, COBIT, ISO 27001/2.
• Any one (1) of the following international certificates: CRISC, CISA or CGEIT.
• Member of a professional body within ICT e.g., ISACA.
Experience:
• Minimum 6 years of experience in IT Governance/ IT Risk/ IT Audit & Compliance/ Information Security Governance.
• Minimum of two (2) years of middle management experience.
• Non-life (Short-Term) Insurance related background (Advantageous).

Duties and Responsibilities

Office of the CIO Strategic Planning:
• Assist the Executive Manager: IT with strategic planning, alignment and implementation.
• Establishing repeatable IT strategic processes, which link to both the SASRIA business strategy and enterprise architecture.
• Enabling the implementation of IT Portfolio management principles to enable of potential IT investments in ways that drive business value.
• Implement IT sourcing strategy and vendor management to drive efficiencies, aligning to the SASRIA policies and procedures.
• IT Service Management & implementation.
• Conduct market research to ensure Sasria meets market standards on IT and business related processes and general core business support processes.

IT Governance
• To provide leadership in the conceptualisation, development, implementation and continuous improvement of IT Governance, Risk and Compliance (GRC) function and enable SASRIA to lead by example in enterprise IT leadership and management by adopting IT governance best practices and standards.
• Exercises cross-functional governance to achieve a consistent and transparent approach to technology infrastructure & processes, information and reporting.
• Ensure that effective and efficient IT governance framework, cyber security and IT Strategy processes and practices are in place enabling business to achieve its strategy.

IT Risk Management
• Assuming overall accountability for the adequate IT risk management framework which exists to identify, analyse, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with SASRIA’s enterprise risk management.
• Maintain an over-arching, service level-driven performance monitoring and management approach that enables transparent Government monitoring in order to hold the Contractor accountable for inputs and outputs.
• Implement leading practices, such as supporting commercial entities with infrastructure improvement efforts. COBIT, ITIL, cyber security framework & other related frameworks.
• Ensure that system security within the ICT business unit complies with audit and information security expectations.
• Conduct IT risk and vulnerability self-assessments within SASRIA’s ICT business unit.

Project Management
• Enabling the implementation of IT Portfolio management principles to enable of potential IT investments in ways that drive business value.
• Ensure that IT procurement processes are in place, integrated to IT contract management into the ICT’s strategic and tactical planning.

Financial
• Managing of IT department’s budgeting processes, enabling transparent to business leaders and more flexible to changes in business demand. Benchmark IT cost, performance and priorities of the IT function enabling aligning to IT performance.
• Manage the departmental budget, ensuring expenditure within set parameters.

People Management
• Identify resourcing needs and participate in the recruitment of staff. Ensure that all staff are trained, skilled and that their expertise is fully applied.
• Development areas identified and career development plans in place for team members.
• Ensure that annual performance objectives are contracted and adhered to by staff.
• Manage team performance, ensuring that non-performance is dealt with accordingly.
• Create a culture of learning and development within the team.

Perform Ad hoc tasks
• Perform any reasonable tasks as and when required by the Line Manager.

POLICY
We are committed to Employment Equity when recruiting internally and externally. It is company policy to promote from within wherever possible. Therefore, please be aware that internal candidates will be considered first before reviewing external applicants, provided that this supports achievement of our Employment Equity goals.