Qualifying Criteria
1. Architecture and strategy
• Understand how business architecture shapes and defines the technical security architecture.
• Improve the security methods and practices that influence the architecture and design of Sasria processes and technology deployments.
• Risk Management – master data-centric risk management and data flow maps; ongoing assessments of Sasria environments (both on-prem and cloud based) to ensure risk is mitigated effectively.
• Security Architecture Methods – be familiar with security architecture methodologies and frameworks (e.g., SABSA, TOGAF E-OSA, NIST CSF).
• Security Frameworks, Standards & Best Practices.
• Understand necessary interactions across both formal activities and more informal communications.
2. Leadership
• Influence how the business will adopt security.
• Use business relationship management to interact and work with relevant stakeholders to ensure that their needs are addressed by the security architecture.
• Strategic Planning.
• Relationship Management.
• Political Navigation.
3. Privacy Advocacy
• Be aware of and maintain a data inventory of all private data stored in company systems.
• Know what data protection mechanisms have been deployed to protect private data.
• Know expectations set by compliance and risk teams for the processing and storage of private data.
• Know legal limitations placed on data in the cloud, such as residency and sovereignty limitations.
• Understand how privacy is handled by Sasria’s contractual arrangements with service providers.
4. Technical
• Understanding of a broad technological security architecture.
• Identity and Access Management including ecommerce systems.
• Privileged Access Management.
• Network and process design.
• Secure application development.
• Standards and security baseline configurations.
• Data Protection initiatives including cloud applications and infrastructure.
• Mature understanding of cryptography.
• Tech Security Deployments.
5. Operational
• Improve technologies that influence how IT operates in a secure manner.
• Mature understanding of Infrastructure tools.
• Monitoring & Compliance Tools.
• Network security services including Security Operations activities.
• Cloud Security management and controls implementation.
• Physical security technology.
• Assuring protection of types of business information.
• Assuring integrity of business processes.
• Protecting communications and information flow within the business.
• Ability to meet regulatory and legal obligations.
6. Service Delivery
• Provide third line support to users with any Information Security related queries within the SLA time frame.
• Oversee and provide advanced support on open issues (e.g., customer-logged tickets, incidents, projects, etc.).
• Assist in incident response for any breaches, intrusions, or theft.
• Coach and guide team members regarding security activities.
• Assist end users and IT in requesting security variances and implementing subsequent configuration change requests.
7. Adhoc
• Recommend best security practices to achieve business objectives, advise on risk assumptions for any variances granted, and provide alternatives to achieve desired end results.
• Research, identify and recommend improvements to the capabilities and maturity of the threat and vulnerability management strategy, policy, standards, processes, procedures, and tools in order to deliver value to the business.
• Maintain system documentation and configuration data for regulatory and audit purposes.
• Assist in the management and optimisation of the Security Operations Centre for detection, prevention, protection and response to cyberattacks.
• Degree in Information Security (Bachelor's) or relevant equivalent at NQF Level 6.
• Must have one or more of the following professional certifications: CCSP, CISSP, CISSP-ISSAP, CISM, CRISC, CEH.
• Advantageous certificates: COBIT 5/2019 or ITIL V3/4.
• Minimum of 8 years’ experience in Cybersecurity or Information Security, of which three years were spent leading teams or as an information security technical lead.
• Experience in security architecture methodologies, tools, and enablers.
• Hands-on experience with implementation and monitoring of various IT Security solutions.
• Excellent understanding of IT operational processes and controls including projects deployment.
• Excellent understanding of regulatory requirements facing the IT environment (PCI DSS, POPIA, GDPR).
• Must be persuasive and be able to communicate cybersecurity related concepts to a broad range of technical and non-technical staff.
• Be able to map business needs to technology solutions.
• Solid understanding of security risks and preventative controls.
• Understand IaaS/PaaS/SaaS security deployments; native cloud security tools; CASB/CSPM/CWPP capabilities.
• Security Frameworks, Standards and Best Practices:
  • ISO 27001 and ISAE 3402 / SOC 2
  • PCI DSS
  • NIST SP 800-53
  • CIS or DISA benchmarks
  • Microsoft Cloud Adoption Framework
  • Microsoft Cybersecurity Reference Architecture
• Familiar with security architecture methodologies and frameworks (e.g., SABSA, TOGAF E-OSA).
• Experienced in multiple domains of cybersecurity.
• Be open-minded to new ways of doing things.
• Experience in the development and usage of Technology Patterns / Models to achieve business outcomes.
• Recognised subject matter expert.
• Successful leader traits.
• Problem solving skills with the ability to interpret and analyse data.
• Ability to explore and learn new technology and processes.
• Have emotional resilience.
• Be able to manage relationships.
• Be able to handle conflict.
• Take initiatives in solving problems.
• Embrace diversity and collaboration.
Open to South African citizens of any gender; preference will be given to an EE candidate.
• The role will be based in Illovo, Johannesburg.