IT Information Security Analyst - ITSA080218


Head Office



Job Purpose

The position as Information Security Analyst is focused on enabling the business to grow through the mitigation of information security/vulnerability risks and fulfilment of related regulatory obligations.


  • Grade 12 with accounting
  • 3 Year Degree at NQF 6 level (IT Qualification an advantage)
  • NIST and/or ISO 27000 knowledge
  • Security certifications, such as CISM and CISSP


  • 4-6 years information and cyber security toolset/vulnerability management experience

Skills and Knowledge

  • Strong technical ability.
  • Ability to conduct information security risk assessments
  • Ability to create and execute security monitoring toolsets such as DLP, SIEM, Web Gateway and Cyber Protection.
  • Exposure to cyber security or SOC monitoring.
  • Stakeholder Management
  • Ability to support an information security strategy that supports business needs
  • Understanding of the NIST and ISO 27000 frameworks
  • Ability to travel
  • Business Acumen
  • Able to multitask and quality focused.
  • Good understanding of risk and compliance
  • Understanding of business process analytics
  • Project Management skills

Key Performance Areas:

  • Configure, implement and maintain cyber security toolsets.
  • Monitor toolsets for security events and conduct proper investigations.
  • Be able to take part in an incident response team and perform triage.
  • Embed processes/initiatives and toolsets in accordance with achieving the strategy.
  • Define and maintain all the security governance documents that are required to support the strategy/solutions.
  • Document all the process documentation required for the role and create robust processes.
  • Report compliance and perform threat intelligence on cyber security tools.
  • Keep the information security toolset plan for IT functions agile and current to constantly be able to address risk.
  • Create and develop policies and standards to be applied to ensure proper controls are in place.
  • Embed and manage the ISO 27001 compliance standard and ensure proper processes and structures are put in place
  • Define a process of understanding data flows, categorisations, locations and architecture of servers to fully be able to interpret the outputs of the reports and action accordingly.
  • Manage third party interactions and manage alerts appropriately
  • Manage a vulnerability management system in line with current risk management system
  • Create and maintain security awareness campaigns and perform training on key security aspects and process change.


Preference will be given to employees from the designated groups in line with the provisions of the Employment Equity Act, No. 55 of 1998, the SISA internal recruitment policy, as well as units' employment equity plans.