Global Security Specialist
Job Description: Security Specialist
Location: South Africa
We’re looking for… A logical and open-minded security specialist that has a good security foundation.
A highly motivated individual who is willing to learn and implement new and exciting things.
Who are you? You’re a critical thinker who can Safeguard information system assets by identifying and solving potential and actual security problems.
What’s the role? The hands on control of security for an international company and management of Global systems. Tasks include items such as:
Skills and Knowledge
- Ability to conduct information security risk assessments
- Ability to create and execute security monitoring tool sets such as DLP, SIEM and Web Gateway, Cyber Protection.
- Exposure to cyber security or SOC monitoring.
- Strong technical ability.
- Stakeholder Management
- Ability to support an information security strategy that supports business needs
- Understanding of the NIST and ISO 27000 frameworks
- Business Acumen
- Interpersonal skills
- Multi task and quality focused.
- Good understanding of risk and compliance
- Understanding of business process analytics
- Project Management skills
Key Performance Areas:
- Training and awareness
- Data Privacy laws
- Governance documentation
- Security planning and future view
- Guide and assist regions in security task
- Monthly health checks
- Monitor, investigate and report on incidents.
- Be able to be a part of an incident response team and triage.
- Assess security incidents quickly and effectively and communicate a course of action to Regional Security SMEs.
- Compile and maintain information security incident reports. Ensure that all incidents are recorded and tracked to meet audit and legal requirements.
- Oversee and conduct root cause analysis to identify gaps and recommendations ultimately remediating risks to the organisation.
- Provide content creation and policy tuning for multiple security detection and alerting tools.
- Effectively manage reported system, application and device vulnerabilities and through remediation and maintenance in adherence with incident response procedures.
- Define and maintain all the security governance documents that are required to support the strategy/solutions.
- Develop and optimize processes to improve security threat identification and remediation.
- Maintain active understanding of industry practices for threat analytics and incident response.
- Assisting developers in secure coding best practices, risk mitigation techniques, and threat modelling.
- Explain, present, demonstrate (when applicable) and document the operational impact of a particular vulnerability, threat or risk.
- Monitor and maintain approved baseline network topologies and configuration.
- Compile vulnerability and penetration testing reports according to the Global Security standard.
- Conduct Phishing campaigns.
- Provide security, technical, configuration, and architecture support to Regional security SME representatives as required.
- Keep the information security toolset plan for IT functions agile and current to constantly be able to address risk.
- Create and develop policies and standards to be applied to ensure proper controls are in place.
- Embed and manage the ISO 27001 compliance standard and ensure proper processes and structures are put in place
- Define a process of understanding data flows, categorisations, locations and architecture of servers to fully be able to interpret the outputs of the reports and action accordingly.
- Manage third party interactions and manage alerts appropriately
- Manage a vulnerability management system in line with current risk management system
- Create and maintain security awareness campaigns and perform training on key security aspects and process change.
- Day to day operational tasks as assigned.
- Due to the Global nature of the role and the different time zones, scheduled after-hours and weekend work might be required.
- The employee is required to be on standby for urgent escalations at all times.
Boxes to tick
Work background that includes:
- A minimum of two (2) years relevant work experience
- Experience using vulnerability management tools, firewalls, intrusion detection systems, and responding to network/computer intrusions and supporting inquiries.
- Knowledge of information systems security principles and methods, the requirements for certification and accreditation of systems testing and evaluation, and performance management methods.
- Knowledge of test and assessment methods to evaluate security authentication technologies. Knowledge of standards like PCI, SOC2, ISO 27001.
- Expansive general IT knowledge.
- Industry recognized security certifications
You’re someone who…
- Has a PASSION for Security
- Is able to work independently and questions the status quo
- Has an above and beyond attitude
- Values constructive feedback
- Works well in a team
- Is proactive and service driven
- Is Honest and reliable
- Is able to remain flexible, function under pressure and maintain a positive attitude
- Is a highly energetic creative and lateral thinker
- Honest and reliable
- Self-motivated & well presented
- Demonstrate sound work ethics
- Amazing attention to detail
- Quick learner
- Effective listening and verbal and written communications skills
- Ability to communicate remotely with global team members
- Ability to multi-task and stay calm under pressure
- Excellent time management ability
- Highly organized, logical and structured individual