Senior IT Security Specialist

**Information Technology ~ Networking / Infrastructure IT ~ Support IT**
**JHB North**
***:
**Senior IT Security Specialist - Illovo Johannesburg**

**R800 000p/a - Permanent Vacancy**

**Role description**

To actively protect the organisations information technology assets and infrastructure from external or internal threats and ensuring compliance with statutory and regulatory requirements regarding information security and privacy. Also, to ensure security controls are implemented and managed across the organisation and to improve the overall security posture while maintaining the integrity of the Companies brand.

**Key Performance Areas (Duties and responsibilities)**
- **_Cyber Security Program_**
- Understand the company’s strategy and the cybersecurity implications to enable digital trust within the company’s operations and platforms.
- Design, configure, deploy, and maintain security control to safeguard the companies’ infrastructure.
- Actively protect the organization’s information technology assets and infrastructure from external or internal threats and ensure compliance with statutory and regulatory requirements regarding information access, security, and privacy.
- Analyse problems, and recommend solutions, products, and technologies to meet the business security and information security objectives.
- Interpret the cybersecurity strategy and framework.
- Interpret cybersecurity maturity levels and implementation road maps.
- Lead the implementation of best practice network security controls across cloud environments (AWS and AZURE) and On-premises platforms to maintain resistance against cyberattacks.
- **_Data protection and encryption_**
- Understand organizational information data flow and maintain an inventory of data to ensure sensitive information is identified and protected adequately.
- Understand data classification framework and implement controls as per sensitivity levels.
- Develop or install software, such as data encryption programs for data at rest, in transit, and in use such as SSL certificates to protect sensitive information
- Develop best practices for Crypto Key Management across the organization and maintain safe and responsible use of cryptographic keys.
- **_Network, web and Endpoint Security and monitoring_**
- Maintain the malware and destructive activities policy rules across security platforms to ensure business continuity while security is maintained.
- Coordinate monitoring of networks or systems for security breaches or intrusions across Cloud and On-premises platforms.
- Ensure endpoint security controls have covered the whole company’s landscape and remain effective in identifying and mitigating threats in line with the in-depth layered defence approach.
- **_Threat and vulnerability Management_**
- Lead threat landscape assessment and situational Cyber-attack Vulnerability awareness through an understanding of the vulnerability Detection, management program
- Ensure vulnerability assessments and penetration tests are performed periodically.
- Provide reports to various forums on the vulnerability management program
- Continuously scan the threat landscape to identify threats facing the company’s environment and provide proactive suggestions on prevention.
- **_Physical security_**
- Support facilities with the implementation of physical security measures designed to deny unauthorized access to the company’s premises.
- Ensure robust and fit-for-purpose access controls, surveillance cameras, and intrusion systems.
- Ensure advanced controls are in place for high-risk areas such as data centres and computer storage areas.
- **_Disaster recovery and business continuity_**
- Support the development of disaster response and recovery strategies within the company.
- Ensure seamless transition between the company and the disaster recovery site during security breaches or other business interruptions.
- Troubleshoot security and network problems to maintain a fit-for-purpose DR site and business continuity - plans.
- **_Incident response and third line support_**
- Provide second-line support to users with any information security related queries within the SLA period.
- Provide technical support to computer users for installation and use of security products.
- Oversee and provide advanced support on open issues (e.g., customer logged tickets, incidents, projects, etc.)
- Assist in incident response for any breaches, intrusions, or theft.
- Coach and guide service desk and IT support in their incident response regarding security, and appropriately escalating issues in line with the service management processes and procedures.

**_Ad hoc_**
- Continuously develop information security standards and best practices to respond to the changing environment
- Follow the procurement processes to purchase and identify the right service providers for security services
- Oversee third-party service delivery in line with defined service level agreements
- Train an