Senior Specialist Cyber Security

Role purpose: The purpose of the role is to manage and lead the Technology Security Cyber Security Baseline Assurance for . To further provide security assurance, guidance and support to high profile projects according to company defined policies and requirements, best practice and local/international standards (PCI, SOX, ISO27001, GDPR, POPIA and Cyber Crime Bill of 2015) relevant to the technology security area. This role requires the individual to have credible experience in Information Security and Cyber Security Governance, Risk and Assurance based on proven frameworks such as COBIT 5, ISO27001/2, and the NIST Cybersecurity Framework. The candidate should be comfortable with driving information security assurance ideas and communicating clearly with technical as well as non-technical audiences.

1.1 The contractor will deliver on the following key accountabilities and decision ownership:

Provide supervisory technology security assurance, guidance and support
Assure that security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise)
Defining, implementing and efficiently maintaining technology security controls and requirements.
Ensure timely delivery of technology security assurance and support for projects.
Ensure compliance with Legal and Regulatory requirements.
Provide SME input to Technology Security Policy requirements and procedures.
Support Technology Security awareness programs and educational efforts.
Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options.
Fulfil key customers' obligations and stakeholders' expectation.
Participate in creation and execution of technology security strategy.
The role requires the individual to monitor information security governance, risk, and compliance by Corporate IT, Mobile and Enterprise Business domains.
Engage with the stakeholders on control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement.
Interpret and manage the controls and capabilities required to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s).
Develop, manage and implement the information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill).
Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments.
Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions.
Participate in IT general controls and compliance testing activities and/or audits.
Report information security risks in an appropriate way for different audiences.
Collaborate with various key stakeholders and provide information security advice to stakeholders.

1.1 The core competencies, knowledge and experience expected from the contractor are as follow:

Diploma or Bachelor's degree in Computer Science, Information Systems, Systems Analysis, or another related field
Minimum of 5 - 8 years of experience in Tech Security role where you meet business deliverables.
Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
Proven experience managing and operating multiple security programs, projects, and initiatives.
An ability to think strategically and drive change.
A deep understanding of Technology Security risks and mitigating solutions.
A diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.
Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies.
Windows, UNIX and Linux operating systems.
Practices and methods of enterprise architecture and security architecture.
Network security architecture development and definition.
Web Security & Encryption.
Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams.
Ability to work under time and resource pressure.
An ability and desire to communicate and work with a broad set of stakeholders.
A customer-focused, responsive, and transparent attitude.