Information Technology available position

Closing Date

2022/07/29

Reference Number

SAA220706-2

Job Title

Specialist: Cyber Security

Division

Information Technology

Business Unit

IT and Cyber Security

Job Type

Permanent

Location - Country

South Africa

Location - Province

Gauteng

Location - Town / City

Kempton Park

Job Purpose

The Specialist: Cyber Security is responsible for establishing and enforcing information security to protect the computer infrastructure, networks and data against cyber-attacks and internal threats. The position will achieve this by co-ordinating security services from service providers and act as the primary integration layer into the company; the key functional themes are Cyber Security Services, Service Providers, SLA Management.

The primary functions of this position include validating the effectiveness of existing security measures and developing an overall strategy to ensure the long-term information security efficiency and regulatory compliance. Maintain high performing service support functions as per the Service Level Agreement. The job duties include establishing IT security policies and procedures, managing vulnerabilities, managing the security operations centre service, effective incident management, regulating access to information and training staff on proper use of information systems. Monitoring infrastructure, devices and systems for security gaps, design effective solutions and provide reports to management and executive staff.

Principal Accountabilities

Contribute to the design of the IT Divisional Strategy and ensure strategies are implemented and integrated within areas of responsibility

Design/ Contribute to the IT Department Strategy taking into account specialist expertise, best practice, benchmarking and market standards etc.

Determines policies, processes, action plans and systems to support implementation of the strategy

Identify and drive initiatives to support profitability and cost containment in department and division

Manage and control budget in area of responsibility

Manage the built-in security systems to software, hardware and components

Develop strategies for software systems, networks, data centers and hardware

Understand the QA software and hardware for security vulnerabilities and risks

Identify initiatives in alignment with business requirements and strategic objectives

Analyse cost drivers and embark on cost containment initiatives in order to maximise the benefits realisation of organisational design and reporting

Manage services providers according to their service level agreement to ensure budget compliance and reduce risks for the Airline Operational

Utilises and optimises resources in area of responsibility

Optimise technology to enhance internal and external customer expectations

Ensure all processes implemented to deliver customer value

Drive customer centricity within areas of control

Establish and manage effective internal and external stakeholder relationships through appropriate relationship building and networking

Enforce Governance and Risk Management policies, processes and systems

Deliver on regular and timeous reporting of information to key stakeholders

Drive continuous optimisation programmes and initiatives

Engage in trend analysis, benchmarking, research, best practice to support optimisation of department/ division

Manages programmes and projects to contribute to the optimisation of the department/ division

Develops and implements information security standards, guidelines, and procedures

Safeguards information system assets by identifying and solving potential and actual security problems

Protects system by defining access privileges, control structures, and resources

Recognises problems by identifying abnormalities; reporting violations

Implements security improvements by assessing current situation; evaluating trends; anticipating requirements 

Determines security violations and inefficiencies by conducting periodic audits

Upgrades system by implementing and maintaining security controls

Keeps users informed by preparing performance reports; communicating system status

Maintains quality service by following organisation standards

Maintains technical knowledge by attending educational workshops; reviewing publications

Contributes to team effort by accomplishing related results as needed

Configure anti-virus systems and consoles People

Actively supports and adheres to people processes and plans to deliver on divisional objectives

Provides direction, mentoring and coaching to team members to maximise productivity and development

Drives and implements change initiatives with the vision and strategic direction of the airline Lives and role models the airline’s Values

Qualifications & Experience

Bachelor’s degree in IT Security at NQF level 7 is essential

Relevant postgraduate qualification will be an advantage

One or more these industry IT Security and or Cybersecurity Certifications: CISM, CISA, CISSP-ISSEP, CISSP-ISSAP, ISO2-001 Lead Implementer

ITIL certification will be an advantage

6 – 8 years’ experience in IT Security Service Management

Experience developing departmental policies, procedures, standards and guidelines

Cyber operations management experience and responsibility leading cyber programmes

Knowledge and Skills

Experience with security programme that assesses current security posture and recommends effective policies and strategies for long-term protection of the IT assets

Experience in dealing with cyber-security incidents, vulnerabilities management and overall security strategies

In-depth understanding of experience in overseeing cyber-security threats, penetration tests and other vulnerabilities including managing the mitigation responses

Enforcement with all service providers to ensure all infrastructure, network components, applications and devices are properly configured and protected from cyber threats

Experience with information security standards and regulations

Latest security and technology developments

In-depth knowledge of architecture, engineering and operations of enterprise SIEM platforms and SOCs 

Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing

Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behaviour, forensic research and incident response protocols

Knowledge of basic system administration and operating system hardening techniques 

System administration

Network security

Problem solving skills

Information security policies

On-call network troubleshooting

Firewall administration

Network protocols

Routers, hubs, and switches

Informing others

Process improvement

Resource utilisation

Strong service management leadership skills and ability to work effectively with all IT functions and service providers

Strong analytical, project management and team-oriented interpersonal skills Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff

Attributes

Leads crucial conversations

Coaches and mentors

Leads projects

Facilitates transformation and change

Drives innovation

Implements and aligns to vision

Delivers value

Leverages team diversity

Role models behaviours and values