Senior IT Security Engineer

To support daytoday data security operations including patch management red team exercises remediation of cyber security incidents implementation of Cyber Security road map tasks and to support and maintain a broad suite of information security infrastructure

Essential: Matric or equivalent Senior Certificate. BSC Computer Science/Engineering or any relevant IT tertiary qualification. Information Security certification (s) such as Security Cyber Security Analyst CRISC CISSP or CISA. Advantage: ITIL certification (Information Technology Infrastructure Library

Essential: Minimum of 3 5 years of experience in information security and compliance frameworks.
Advantage: Minimum 5 years of experience in IT related positions.

IT Security Planning & Monitoring:
• Architects designs implements maintains and operates information system security controls and countermeasures.
• Implement new security systems/platforms as per the Cyber Security Roadmap.
• Analyzes and recommends security controls and procedures in acquisition development and change management lifecycle of information systems and monitors for compliance.

• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets and monitors for compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents vulnerabilities and trends.
• Responds to information system security incidents including investigation of countermeasures to and recovery from computerbased attacks unauthorized access and policy breaches; interacts and coordinates with thirdparty incident responders including law enforcement.
• Administers authentication and access controls including the creation modification and deactivation of user and system accounts security/access roles and information asset access rights.
• Analyzes trends news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance selfassessments and engages and coordinates thirdparty risk and compliance assessments.
• Perform patch management of endpoints and servers to ensure highest level of security on all critical systems.
• Conduct red team exercises and remediation on missioncritical systems.
• Review understand and correlate data from multiple sources not limited to user authentication events windows security event logs intrusion detections alerts proxy logs and firewall events.
Security Compliance:
• Assist with the documentation of security policies as well as promote activities and procedures to create a general awareness about the significance of security within the organization.
• Assist with the maintenance of information security policies and procedures and to ensure that the security strategies are being followed to meet the organizational security goals and standards.
• Perform Payment Card Industry(PCI) compliance and IT General Controls (ITGC) related tasks as directed.
• Assist with the monitoring of internet access utilized by employees within the Group.
• Assist with the identification investigation and resolution of security breaches.
• Develops and administers or provides advice evaluation and oversight for information security training and awareness programs.
• Manage configuration and change control records with regards to IT security system activities.
Stakeholder Liaison:
• Engage management on users that default their Cyber Security Awareness Training to ensure compliance.
• Liaise with stakeholders to perform root cause analysis and trend analysis of security threats.