Information Security Analyst L1 (Talent Pool) (Selby)
Date: 2022/11/02
Reference Number: ISAKAP
Description:
SBV seeks an Information Security Analyst L1 who will be responsible for analysing information security events and responding to identified threats including the auditing and validation of mandated security controls. This role will also assist in implementing, upgrading, and monitoring security protocols, processes, and compliance for the protection of the organisation's networks and information.
Responsibilities:
1. Gather information related to Technology Transformation & Innovation:
o Research the latest information technology security threats and trends globally and use this information to provide the management team with the required information to implement solutions to protect SBV’s data.
o Adopt the strategic direction provided in order to execute duties, providing feedback as and when required.
2. Conduct Analysis & Planning Activities:
o Gather evidence required for security and vulnerability assessments, providing findings to the Information Security Analyst L2 for review and reporting.
o Conduct investigations on uses of data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information.
o Analyse security breaches to determine their root cause providing findings and recommendations to the Information Security Officer.
o Conduct log correlation in the event of a breach or suspected data loss incident for investigative purposes. Evidence gathering to be presented to the Information Security Officer in the form of a report.
3. Provide input into the Design for your area of responsibility:
o Create content and drive security awareness through facilitating orientation, educational programs, and ongoing communication.
o Investigate security remediation toolsets that will allow for automation on system threats through software development or off-the-shelf tools.
o Compile a business case outlining the preferred toolset, submitting for approval to the Information Security Officer.
o Proactively configure and monitor security alerts relating to incidents and disasters to reduce the likelihood of breach on the environment.
4. Implementation & Execution within mandate:
o Support Information Security Analyst L2 to conduct internal and external security reviews by conducting interviews, running toolsets, and consolidating the information to provide recommendations to close any potential gaps within the process and/or system.
o Identify and respond to threats to meet or exceed defined SLAs, escalating where necessary.
o Mitigate incidents and provide accurate documentation around the resolution process.
o Verify authorized access by conducting reviews of logical access on systems.
o Monitor and remediate network, intrusion detection, and prevention systems on a daily basis for security breaches and investigate and report to the Information Security Officer when a violation occurs.
o Monitor the information security compliance against SBV’s standards and best practices.
o Gather information and prepare reports that document security breaches and system compliance within the landscape.
5. Risk & Quality Management within one’s area of responsibility:
o Conduct vulnerability testing, risk analyses, and security assessments providing findings to the Information Security Analyst L2.
o Maintain compliance with core risk management concepts, such as vulnerability management and threat intelligence.
o Support the Information Security Analyst L2 to create a collaborative program to coordinate and drive operational activities related to Cyber Security, including event and incident investigation, process development and optimization, playbooks, and exercise development.
o Assist with managing vendor resource deliverables to ensure quality and consistency against SLA as per mandate.
o Be the point of contact that interfaces between vendors and business units during audits, assessments, or security reviews as per mandate.
o Advise Technology business partners on regulatory, compliance (POPI, PAIA, etc.) and/or legal requirements as they relate to securing data.
o Drive compliance regarding Information Security business continuity planning.
6. Create awareness of IT Security good practices to the relevant stakeholders through communication and training:
o Provide system users with assistance and guidance about new security products and procedures.
o Drive compliance with Cybersecurity Training, in conjunction with Organisational Development, and awareness including alerting and escalations of non-compliant staff.
o Deliver security awareness through facilitating orientation, educational programs, and ongoing communication.
o Develop, document, and distribute how-to guides and update the internal knowledge base.
7. Adhere to Process and Policy:
o Monitor systems to drive zero data material breaches and findings in audits.
o Drive the closure of audit findings departmentally providing regular feedback.
o Support checks and monitoring of the internal control framework ensuring internal controls are reviewed periodically by departments as well as driving internal control adherence and compliance.
o Monitor, verify, and drive compliance with established security configuration standards and best practices.
8. Drive the organisation culture within one’s centre:
o Drive the department’s values while inspiring confidence and generating excitement, enthusiasm, and commitment towards the mission.
o Serve as a leader of the culture program driving the desired behaviours and encouraging employee engagement.
o Create and implement strategies in collaboration with Change Management & HR to evaluate and maintain employee satisfaction.
o Drive Transformation and BBB-EE initiatives to ensure sustainable alignment to the company scorecard.
9. Provide leadership to employees within the organisation:
o Act as a change management architect in periods of change to ensure continuity of operations.
o Effectively communicate and embed new processes and procedures as they occur addressing or escalating matters/concerns to the SMEs (subject matter experts) when required.
o Facilitate the necessary presentations, workshops, or forums to ensure consistent and accurate communication is given across one’s centre/s.
Requirements:
* 2 Years’ experience within either an Information Security position or Cybersecurity, of which:
* In-depth knowledge of Cloud security platforms (MS Intune / O365 Security, etc.) (Advantageous).
* In-depth knowledge of Firewalls and Malicious Code Defense including APT (Advantageous).
* Knowledge of Cybersecurity technical assessments, standards, tools, and processes (Advantageous).
* Knowledge of common attack vectors (Advantageous).
* Knowledge of Vulnerability assessment tools (Nessus, Nmap) (Advantageous).
* Endpoint and network security tools/techniques (Advantageous).
* Bachelor’s degree in Information Security or similar.
* Industry certifications such as CISSP; SANS/GIAC: GSEC, GCIH, GCFA, GCFE, GCIA; EC-Council: CEH, ECIH, CHFI, ECSA; Security+; Tenable: TCNU, TCNA, TCSE; ISO 27001 (advantageous).
Note: Communication will be limited to shortlisted applicants only.
SBV recruitment is committed to transformation and diversity alignment.