This vacancy has expired; application will not be possible.

JOB SPECIFICATION - EXPIRED VACANCY
Job Ref: Gri_IT _100
Job Title: Cyber Security Professional
Vacancy Expiry Date: 11-08-2021
Position Start Date: 01-10-2021
Country: South Africa
Company: Grindrod Bank Limited
Department: IT Support
Province: Gauteng
Category: Information Technology
Employment Equity: BBBEE
Annual Income (Cost To Company): Market Related
Job Type: Permanent
Overview of role

The Cyber Security Professional is part of an integrated team dedicated to mitigating risks through the efficient and effective application of information security expertise. The incumbent will be instrumental in providing analytical security data to the business for managing and coordinating incidents, and must understand the architecture, administration, and management of operating systems, networking, and virtualization software. The incumbent will be responsible for overseeing the configuration management of the firewalls. General programming/software development concepts and software analytical skills are required.

Understanding of how the different types of firewalls and network load balancers work. Deep understanding of how network routers and switches work. Evaluate and design systems and network architectures. Drive network, server, and application hardening. Take responsibility for standards and configuration (but not operation) of Active Directory, policy-driven security, anti-malware and anti-virus. Be responsible for managing PCI-DSS within the company.

The purpose of the IT Security Specialist role is to monitor the threat landscape and to select and implement security countermeasures to secure information assets within the banking environment. The role also provides expert review of alerts, logs and events from SIEMs to determine relevancy and urgency, along with hands-on management and administration of various enterprise security tools related to the SOC. The technologies and processes include (but are not limited to) intrusion sensors, denial-of-service mitigation, network access management, network activity monitors, Security Information and Event Management systems, advanced threat detection solutions, threat analysis, and incident response processes. A key requirement for this function is the continuous optimization of configurations for new and existing security technologies.

Responsibilities
  • Development, provisioning and successful execution of Data Leakage incident management services.
  • Define and clearly document the business requirements & processes associated with all aspects of Cyber Security.
  • Ensure that data standards and policies are fully adhered to in accordance with stated global requirements.
  • Manage Cyber incidents and take ownership for effective coordination until resolution.
  • Liaise with the business representatives as focal point for all Cyber Incidents reported.
  • Identify patterns and trends across incidents to provide advanced warning on new incidents.
  • Assist Team Leader in ensuring that all process flows, procedures and controls are fully documented and maintained and reviewed on a regular basis.
  • Ensuring the Incident Management process is performed as designed.
  • Compile and submit M.I.S reports and Incident Dashboard.
  • Translate regulatory requirements into a data policy rule set.
  • Report non-compliance & deviations to appropriate stakeholders
  • Examine security from a holistic view, including threat modeling, specifications, implementation, testing, and vulnerability assessment
  • Understand security issues associated with operating systems, networking, and virtualization software
  • Understand Web application security concepts and practices
  • Understand the architecture of systems and network including identifying the security controls in place and how they are used
  • Understand database weaknesses and security best practices
  • Advanced understanding of general information security concepts and principles, system architectures and development
  • Expert knowledge of software development security principles, concepts, and best practices
  • Ability to write tools to automate certain security tasks
  • Ability to do Systems and Network hardening
  • Perform, organize and coordinate technical vulnerability assessments, including systems and network vulnerability assessments, penetration testing, web application assessments, social engineering assessments, physical security assessments and wireless security assessments, and implement secure infrastructure solutions
  • Recommend and set the technical direction for managing security incidents
  • Maintain the integrity of process and approach, as well as controls, for the whole incident management process including the ability to coordinate and manage major/highly sensitive investigations with potential for business wide impact/reputational damage
  • Be able to understand and forensically show how attacks from the Internet are carried out
Qualification

B Science (Computer Science)

CompTIA Security+

Ethical Hacker Course CEH (desirable)

Certified Information Systems Security Professional (CISSP) (desirable)

Certified Information Security Manager (CISM) (desirable)

(PCIP) PCI Professional (very desirable)

Experience

About 5 years’ experience

Computer Security experience will be beneficial

Personal characteristics
  • Open Source Applications
  • Linux Operating Systems
  • Microsoft Technologies
  • Wireless Technologies
  • Database security experience
  • Web Application Technologies
  • Compiled and Interpreted Development Languages
  • Network Implementation (Operational and Security)
  • Telephony Technologies (Analog and IP)
  • Social Engineering
  • Physical Security
  • Security Industry Standards