Specialist Cyber Security Analytics

Sasol is a global integrated chemicals and energy company with a 75-year heritage. Through our talented people, we use our expertise and selected technologies to safely and sustainably source, manufacture and market chemical and energy products globally. When you join Team Sasol, you are joining a company that puts people at the center of everything we do.

Sasol invests in its employees along every stage of the career path and offers development opportunities to help you cultivate your career in a culture that embraces diversity and inclusion.

Job Req Id

10748

Closing Date

10 December 2025

OME

CML: Information Management

Geographical Area

Sandton, Gauteng

Purpose of Job

Provide first line (operational) assurance to the Cybersecurity team by verifying that security controls are properly designed and operating effectively across core security domains. The role designs and performs control monitoring, testing, gathers evidence and reports objective outcomes against Sasol's IT Critical Cybersecurity Controls (CIS v8.1 mapped to NIST CSF 2.0) and related policies/standards enabling timely remediation and demonstrable compliance. This role is positioned within the Sasol cybersecurity team to drive governance, control monitoring and compliance.

Key Accountabilities

• Control design assurance
• Validate control design against internal standards and policies (e.g., AD/Entra ID, PAM, SOC logging, firewall hygiene), raising design gaps and concessions where needed.
• Translate enterprise control objectives (CIS/NIST CSF) into testable control statements and SOPs for first line checks across identity, endpoint, network, data protection, logging/monitoring, and incident response.
• Embed doer–checker separation for high-risk activities; ensure evidence trails meet internal and external assurance expectations.
• Operating effectiveness & continuous monitoring
• Plan and execute control tests (periodic and continuous), collecting Outcome-Driven Metrics (ODMs) for the Cyber Safety Score dashboard.
• Operate configuration/compliance scans and related health checks to detect baseline drift and control exceptions.
• Coordinate detective control coverage checks (e.g., SIEM use-case health, log onboarding completeness) to assure alert efficacy.
• Evidence, reporting & governance
• Maintain auditable evidence packs mapped to each control/safeguard and to the control library.
• Produce clear monthly assurance reports highlighting control status, exceptions, risks, and remediation progress for Cyber leadership and Combined Assurance forums.
• Issue/exception handling and risk response
• Drive remediation tracking with control owners; log and monitor risk responses and concessions per the Cybersecurity Risk Response process.
• Support SOX/ITGC sustainment by aligning first-line checks to key access/change/configuration controls and collating compensating-control evidence where needed.
• Stakeholder collaboration (2nd/3rd line)
• Partner with GRC/Compliance (2nd line) and Internal Audit (3rd line) to share first-line results, close findings, and reduce repeat issues via design improvements and SOP updates.

Formal Education and Certification

Relevant University degree/ B Tech (Information Security / Computer Science / Risk / Audit)

Certifications (one or more advantageous):

• Security Operations / Controls: CompTIA Security+, (ISC)² SSCP, CCSP, CISA,CISSP
• Governance/Standards: ISO/IEC 27001 Lead Implementer/Lead Auditor
• Microsoft Security/IAM: SC-200, SC-300, SC-100, AZ-500
• PAM/IAM: vendor certifications (e.g., CyberArk, Omada)
• SOX compliance certifications

Working Experience

Experience: 6+ years in cybersecurity operations or control monitoring/assurance across cybersecurity domains.

Technical Skill

• Frameworks/Controls: NIST CSF 2.0; CIS Controls v8.1; ISO/IEC 27001
• IAM & PAM; Network & Perimeter Security; Endpoint/Server Protection
• Security Logging & Monitoring; Incident Response linkage
• Change & Configuration Management; configuration baseline drift detection and evidence capture
• Data Security & Protection; backup/recovery verification

Required Personal And Professional Skills
BC_Nimble Learning

BC_Communicates Effectively

TC_IM Data Analytics

TC_IT Risk, Control, and Security

BC_Manages Complexity

TC_Assessment

BC_Tech Savvy

TC_Compliance Management

TC_Information Management

BC_Ensures Accountability

Sasol is an equal opportunity and affirmative action employer. Inspired by our Purpose of "Innovating for a better world", Sasol acknowledges that diversity is intrinsic to the fabric of our organisation and is the key to our growth and success. Sasol is committed to the full inclusion of all suitably qualified individuals. Preference will be given to applicants from designated groups and people with disabilities according to Sasol's Employment Equity Plan. This includes reasonable accommodation to enable individuals with disabilities to perform essential job functions.

Our automated process is designed to efficiently assess a large volume of applications. Should you not hear from us within 60 days of the advert closing then kindly consider your application unsuccessful. Thank you once-more for your interest in Sasol as your employer of choice, and we wish you all the best with your career aspirations and future applications with us.