Job summary :
The Senior Specialist : Cyber Security : The Specialist will be responsible to lead and manage timeous delivery of Cyber Security audits within the Group, thereby ensuring adequate assessment of cyber security risks on various network platforms at the Group and its entities.
The Specialist will also undertake implementation of cyber security related tools such as nessus, splunk, ArcSight, etc throughout the Group and also ensure adequate.
The incumbent will also be expected to champion and implement some of the Business Units strategic initiatives under the guidance of a Head of IT Audits as well as the Chief Audit Executive when required.
Direct and coordinate Cyber Security related reviews covering four audit phases i.e planning, execution, reporting and quality assurance.
Implement and manage cyber-security tools and ensure effectiveness thereof.
Project manage all projects to ensure timeous delivery on milestones and quality of delivery is met.
Conduct adequate assessment of cyber security risks on the various network platforms.
Perform assessments on infrastructure security, network security, application security, information security, cloud security, data security as well as end-user security
Provide consulting services on Cyber Security strategies and cyber security landscape within Group EOH.
Conduct follow ups on findings identified by Group IT on internal and external vulnerability assessment, penetration testing, cyber security assessments
Train and develop GIA staff members on cyber security (Knowledge transfer)
Provide assistance in other IT related Audits projects.
Represent GIA at Security Sub-Committee.
Conduct research on cyber security trends as well as innovative tools and facilitate debriefing sessions with GIA and Group IT.
Manage internal and external stakeholders relationship (including assistance with Go To Market strategies)
Develop systems, forums, protocols, and policies that facilitate communications between the response team and other stakeholders.
Provide assistance with the preparation of Audit Committee Packs
Experience required :
At least 5 or more years of specialized working experience as a manager which includes
cyber security, network vulnerability assessments, penetration testing, configuration management and infrastructure reviews.
Considerable knowledge of threats, vulnerabilities, risk, confidentiality, integrity, availability, network security, web-based applications architecture and security, and network protocols.
interfaces, infrastructure, data processing and computer general controls.
Demonstrated knowledge and practical audit experience of cyber security including infrastructure security, network security, application security, information security, cloud security, data security as well as end-user security.
Considerable knowledge of internal controls, business and information technology risks (focus on cyber security risks and controls) and / or audit techniques.
Demonstrated knowledge and practical audit experience of cyber security technologies including firewall, IDS / IPS, DLP, Proxies, anti-malware, CASB, email security, remote access, security baseline, SIEM, PKI, data encryption / tokenization, database security, RACF security, operating systems etc.
Knowledge of cyber security related tools such as nessus, splunk, ArcSight, watchtower, data loss prevention tools, intrusion detection and intrusion prevention tools, penetration-testing tools etc.
Knowledge of policies, procedures, rules and regulations.
Knowledge of IT risk identification and assessment.
Qualifications required :
Matric / Grade 12.
Bsc Computer Science or Degree in Information Technology or Informatics.
Post Graduate Degree will be an added advantage.
Certified Information Systems Auditor (CISA) and / or Certified Information Security Manager (CISM) and / or Certified Information Systems Security Professional (CISSP) and / or Certified Ethical Hacker (CEH).
Degree and CISM, CISSP and / or CEH
Competencies required :
Strategic, analytical and critical thinker;
Solution driven individual;
Teamwork and collaboration;
Drive performance excellence;
The ability to independently run a project;
Ability to influence management;
Initiate and Innovate;
Manage audits within the allocated time frame; and
Manage audits in accordance with policies, procedures and legislation requirements