Senior IT Security Specialist at Sasria

Job Advert Summary    

• To actively protect the organisations information technology assets and infrastructure from external or internal threats and ensuring compliance with statutory and regulatory requirements regarding information security and privacy. Also, to ensure security controls are implemented and managed across the organisation and to improve the overall security posture while maintaining the integrity of the Sasria brand.

Minimum Requirements    

Qualifications

• Information Technology (IT) related bachelor’s degree/Diploma as recognized by SAQA.
• COBIT Mandatory
• Any (1) of the IT security certifications is mandatory 
• e.g: 
• CompTIA Security
• CISCO certified
• Fortinet certified
• CISSP

Experience

• 6 years+ of Information and Technology security experience with advanced knowledge of the following technology environments: DarktraceTechnology, Fortinet Firewalls Zscaler Technology, Mimecast, Crowd strike and familiarity with industry SIEM solutions

Duties and Responsibilities    

• Not limited to;

Cybersecurity program 

• Understand Sasria’s strategy and the cybersecurity implications to enable digital trust within Sasria’s operations and platforms.
• Design, configure, deploy, and maintain security controls to safeguard Sasria’s infrastructure.
• Actively protect the organization’s information technology assets and infrastructure from external or internal threats and ensure compliance with statutory and regulatory requirements regarding information access, security, and privacy.
• Analyse problems, and recommend solutions, products, and technologies to meet business security and information security objectives.
• Data Protection and Encryption
• Understand organizational information data flow and maintain an inventory of data to ensure sensitive information is identified and protected adequately.
• Understand data classification framework and implement controls as per sensitivity levels.
• Ensure protection of data with advanced data encryption, data masking, or tokenization, to protect data across applications, transactions, storage, and big data platforms, on endpoints, servers, databases, and cloud environments.
• Develop or install software, such as data encryption programs for data at rest, in transit, and in use such as SSL certificates to protect sensitive information.

Network, Web and Endpoint Security and Monitoring 

• Build, maintain and upgrade security technology, such as firewalls, web application firewalls; network access controls; web security controls; endpoint security controls for the safe use of computer networks, and the transmission and retrieval of information during business operations.
• Maintain the malware and destructive activities policy rules across security platforms to ensure business continuity while security is maintained.
• Coordinate monitoring of networks or systems for security breaches or intrusions across Cloud and On-premises platforms.
• Ensure endpoint security controls have covered the whole Sasria landscape and remain effective in identifying and mitigating threats in line with the in-depth layered defense approach.

Threat and Vulnerability management

• Lead threat landscape assessment and situational Cyber-attack Vulnerability awareness through an understanding of the vulnerability Detection, Management management program.
• Ensure vulnerability assessments and penetration tests are performed periodically.
• Analyse, and interpret vulnerability results and facilitate Protection, and Response Maturity levels remediation of identified vulnerabilities in conjunction with other IT departments, and business applications owners.

Physical security

• Support facilities with the implementation of physical security measures designed to deny unauthorized access to Sasria premises.
• Ensure robust and fit-for-purpose access controls, surveillance cameras, and intrusion systems.
• Ensure advanced controls are in place for high-risk areas such as data centers and computer storage areas. 

Disaster Recovery and Business Continuity 

• Support the development of disaster response and recovery strategies within Sasria.
• Ensure seamless transition between Sasria and the disaster recovery site during security breaches or other business interruptions.
• Troubleshoot security and network problems to maintain a fit-for-purpose DR site and business continuity – plans. 

Incident Response and Third Line Support

• Provide second-line support to users with any Information Security related queries within the SLA period.
• Provide technical support to computer users for installation and use of security products.
• Oversee and provide advanced support on open issues (e.g.,customer logged tickets, incidents, projects, etc.)
• Assist in incident response for any breaches, intrusions, or theft.

Ad hoc

• Continuously develop information security standards and best practices to respond to the changing environment.
• Follow the Procurement processes to purchase and identify the right service providers for security services.
• Oversee Third-party service delivery in line with defined service level agreements.