Information Security Analyst

Job Description

**Support Technology Transformation & Innovation in your area of responsibility**
- Support with developing and maintaining Cyber Security Road Map and interventions
- Support with developing company-wide best practices for Technology security
- Support improving the maturity, or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions.
- Creates and maintain appropriate standard operating procedures for the Cyber Security and information protection.

**Support on Analysis & Planning Activities**
- Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and other factors that indicate security risks as per SLA.
- Researching, investigating and developing proficiency in current and emerging threats, vulnerabilities, and security technology developments.
- Play an active role in Technology Security Planning sessions, driving agenda and deliverables with all participants.
- Support managing Vendor Strategy and roadmap for Information Security
- Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate
- Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks.

**Support the Design for your area of responsibility**
- Work closely with other stakeholders to design, architect, consult and implement security solutions to ensure readiness for security technologies
- In support of program design, gather client requirements and draft documentation in order to compile a draft project plan, only more complex programs need to be reviewed by the Information Security Officer
- Identify the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects.
- Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated
- Drafts procedures and or policies with regards to cyber security submitting them to the Information Security Officer for review and authorisation.

***

**Implementation & Execution within mandate**
- Monitor and analyse Cybersecurity operational services, including intrusion detection and prevention, situational awareness of:

- network intrusions.
- security events.
- data spillage; and.
- Incident response actions.
- Investigate improper access to ensure proper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements including but not limited to privilege account management.
- Provide daily operational effectiveness reporting to the Information Security Officer
- Create and update weekly dashboard view of cyber risk ratings in the organisation.
- Prepare reports for circulation to the management teams related to investigations and treats for the month, this will also be rolled up into quarterly reporting.
- Support with managing vendor resource deliverables to ensure quality and consistency of services
- Audit vendor services and report on non-performance or execution deficiencies to the Information Security Officer

**Risk & Quality Management within ones area of responsibility**
- Drives vulnerability testing, risk analyses and security assessments providing findings to the Information Security Officer
- Maintain compliance with core risk management concepts, such as vulnerability management and threat intelligence.
- Guide teams throughout the organisation, imparting knowledge to enable employees to become Technology Security champions
- Create a collaborative program to coordinate and drive operational activities related to Cyber Security, including event and incident investigation, process development and optimization, playbooks, and exercise development.
- Assists with managing vendor resource deliverables to ensure quality and consistency against SLA as per mandate
- To be the point of contact that interface between vendors and business units during audits, assessments or security reviews as per mandate
- Advise Technology business partners on regulatory, compliance (POPI, PAIA, etc) and/or legal requirements as it relates to securing of data.
- Drive compliance regarding Information Security business continuity planning.

***
**Create awareness of IT Security good practices to the relevant stakeholders through communication and training**
- Foster relationships within the organization in order to implement security interventions that are relevant to current business needs.
- Work across the organization to present contextual risk information to business colleagues, influencing strategic and operational decisions.
- Lead and collaborate on lessons learned and root cause activities, including incide