The position as Information Security Analyst is focused on enabling the business to grow through the mitigation of information security/vulnerability risks and fulfilment of related regulatory obligations.
- Grade 12 with accounting
- 3 Year Degree at NQF 6 level (IT Qualification an advantage)
- NIST and/or /ISO 27000 knowledge
- Security certifications, such as CISM and CISSP
- 4-6 years information and cyber security toolset/vulnerability management experience
Skills and Knowledge
- Strong technical ability.
- Ability to conduct information security risk assessments
- Ability to create and execute security monitoring toolsets such as DLP, SIEM and Web Gateway, Cyber Protection.
- Exposure to cyber security or SOC monitoring.
- Stakeholder Management
- Ability to support an information security strategy that supports business needs
- Understanding of the NIST and ISO 27000 frameworks
- Ability to travel
- Business Acumen
- Multi task and quality focused.
- Good understanding of risk and compliance
- Understanding of business process analytics
- Project Management skills
Key Performance Areas:
- Configure, implement and maintain cyber security toolsets.
- Monitor toolsets for security events and conduct proper investigations.
- Be able to be a part of an incident response team and triage.
- Embed processes/initiatives and toolsets in accordance with achieving the strategy.
- Define and maintain all the security governance documents that are required to support the strategy/solutions.
- Document all the process documentation required for the role and create robust processes.
- Report compliance and perform threat intelligence on cyber security tools.
- Keep the information security toolset plan for IT functions agile and current to constantly be able to address risk.
- Create and develop policies and standards to be applied to ensure proper controls are in place.
- Embed and manage the ISO 27001 compliance standard and ensure proper processes and structures are put in place
- Define a process of understanding data flows, categorisations, locations and architecture of servers to fully be able to interpret the outputs of the reports and action accordingly.
- Manage third party interactions and manage alerts appropriately
- Manage a vulnerability management system in line with current risk management system
- Create and maintain security awareness campaigns and perform training on key security aspects and process change.