Senior IT Security Specialist

**Job Details**:

- Department Cyber security- Minimum experience Mid-Senior- Company primary industry Insurance- Job functional area Information Technology- Salary R700 000 - R1 000 000 per annum**Introduction**
A reputable financial services company offering short term insurance products is looking for a Senior IT Security Specialist to join their IT Asset and infrastructure team**Purpose of the Role**
- To actively protect the organisations information technology assets and infrastructure from external or internal threats and ensuring compliance with statutory and regulatory requirements regarding information security and privacy.
- To ensure security controls are implemented and managed across the organisation and to improve the overall security posture while maintaining the integrity of the company brand.

**Key Responsibilities**: 1. Cyber Security Program**
- Understand strategy and the cybersecurity implications to enable digital trust within operations and platforms.
- Design, configure, deploy, and maintain security controls to safeguard infrastructure.
- Actively protect the organization’s information technology assets and infrastructure from external or internal threats and ensure compliance with statutory and regulatory requirements regarding information access, security, and privacy.
- Analyse problems, and recommend solutions, products, and technologies to meet business security and information security objectives.
- Interpret the cybersecurity strategy and framework
- Interpret cybersecurity maturity levels and implementation road maps
- Lead the implementation of best practice network security controls across cloud environments (AWS and AZURE) and On-premises platforms to maintain resistance against cyberattacks.

**2. Data protection and encryption**
- Understand organizational information data flow and maintain an inventory of data to ensure sensitive information is identified and protected adequately.
- Understand data classification framework and implement controls as per sensitivity levels.

Develop or install software, such as data encryption programs for data at rest, in transit, and in use such as SSL certificates to protect sensitive information.- Develop best practices for Crypto Key Management across the organization and maintain safe and responsible use of cryptographic keys.

**3. Network, web and Endpoint Security and monitoring**
- Maintain the malware and destructive activities policy rules across security platforms to ensure business continuity while security is maintained.
- Coordinate monitoring of networks or systems for security breaches or intrusions across Cloud and On-premises platforms.
- Ensure endpoint security controls have covered the whole landscape and remain effective in identifying and mitigating threats in line with the in-depth layered defence approach.

**4. Threat and vulnerability Management**
- Lead threat landscape assessment and situational Cyber-attack Vulnerability awareness through an understanding of the vulnerability Detection, Management management program.
- Ensure vulnerability assessments and penetration tests are performed periodically.
- Provide reports to various forums on the vulnerability management program
- Continuously scan the threat landscape to identify threats facing the environment and provide proactive suggestions on prevention.

**5. Physical security**
- Support facilities with the implementation of physical security measures designed to deny unauthorized access to premises.
- Ensure robust and fit-for-purpose access controls, surveillance cameras, and intrusion systems.
- Ensure advanced controls are in place for high-risk areas such as data centers and computer storage areas.

**6. Disaster recovery and business continuity**
- Support the development of disaster response and recovery strategies within the company.
- Ensure seamless transition between the company and the disaster recovery site during security breaches or other business interruptions.
- Troubleshoot security and network problems to maintain a fit-for-purpose DR site and business continuity - plans.

**7. Incident response and third line support**
- Provide second-line support to users with any Information Security related queries within the SLA period.
- Provide technical support to computer users for installation and use of security products.
- Oversee and provide advanced support on open issues (e.g., customer logged tickets, incidents, projects, etc.)
- Assist in incident response for any breaches, intrusions, or theft.
- Coach and guide Service desk and IT support in their incident response regarding security, and appropriately escalating issues in line with the service management processes and procedures.

**8. Ad hoc**
- Continuously develop information security standards and best practices to respond to the changing environment.
- Follow the Procurement processes to purchase and identify the right service providers for security services.
- Oversee Th