Information Security Analyst L1

Description

Gather information related to Technology Transformation & Innovation

• Research the latest information technology security threats and trends globally and use this information to provide the management team with the required information to implement solutions to protect SBV’s data.
• Adopt the strategic direction provided in order to execute duties, providing feedback as and when required.

Conduct Analysis & Planning Activities

• Gather evidence required for security and vulnerability assessments, providing findings to the Information Security Analyst L2 for review and reporting
• Conduct investigation on uses of data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information.
• Analyse security breaches to determine their root cause providing one’s findings and recommendations to the Information Security Officer.
• Conduct log correlation in the event of a breach or suspected data loss incident for investigative purposes. Evidence gathering to be presented to the Information Security Officer in form of a report.

Provide input into the Design for your area of responsibility

• Create content and drive security awareness through facilitating orientation, educational programs, and ongoing communication
• Investigate security remediation tool sets that will allow for automation on system threats through software development or off-the-shelf tools.
• Compile a business case outlining the preferred toolset, submitting for approval to the Information Security Officer
• Proactively configure and monitor security alerts relating to incidents, and disasters to reduce likelihood

Implementation & Execution within mandate

• Support Information Security Analyst L2 to conduct internal and external security reviews by conducting interviews, running toolsets and consolidating the information to provide recommendations to close any potential gaps within the process and or system
• Identify and respond to threats to meet or exceed defined SLAs, escalating where need be.
• Mitigate the incident and provide accurate documentation around the resolution process.
• Verify authorized access by conducting reviews of logical access on systems.
• Monitor and remediate network, intrusion detection and prevention systems on a daily basis for security breaches and investigate and report to the Information Security Officer when a violation occurs
• Monitor the information security compliance against SBV’s standards and best practices.
• Gather information and prepare reports that document security breaches and system compliance within the landscape

Risk & Quality Management within one’s area of responsibility

• Conducts vulnerability testing, risk analyses and security assessments providing findings to the Information Security Analyst L2
• Maintain compliance with core risk management concepts, such as vulnerability management and threat intelligence
• Support the Information Security Analyst L2 to create a collaborative program to coordinate and drive operational activities related to Cyber Security, including event and incident investigation, process development and optimization, playbooks, and exercise development.
• Assists with managing vendor resource deliverables to ensure quality and consistency against SLA as per mandate
• To be the point of contact that interface between vendors and business units during audits, assessments or security reviews as per mandate
• Advise Technology business partners on regulatory, compliance (POPI, PAIA, etc) and/or legal requirements as it relates to securing of data
• Drive compliance regarding Information Security business continuity planning.
• Subscribe and align to SBV Services\’ ISO 9001:2015 Quality Management Standards, ensuring the department’s processes and quality management system is at all times in compliance with the standard
• Support SBVs ESG journey, reporting on and managing the ESG requirements to ensure a positive reflection and outcome

Create awareness of IT Security good practices to the relevant stakeholders through communication and training

• Provide system users with assistance guidance about new security products and procedures
• Drive compliance with Cyber security Training, in conjunction with Organisational Development, and awareness including alerting and escalations of non-compliant staff
• Deliver security awareness through facilitating the orientation, educational programs, and on-going communication
• Develop, document and distribute how-to guides and update the internal knowledge base

Adhere to Process and Policy

• Monitoring of systems to drive 0 data material breaches and findings in Audits
• Drive the closure of audit findings departmentally providing regular feedback to the Information Security Officer
• Support with checks and monitoring of internal control framework ensuring internal controls are reviewed periodically by departments as well as driving internal control adherence and compliance
• Monitor and drive compliance with established security configuration standards and best practices. Verify compliance with established security configuration standards and best practice

Lead as an Ambassador and executor of Change

• Act as a change management architect in periods of change to ensure business continuity.
• Manage the integration of business units into a seamless end to end solution for customers.
• Effectively communicate and embed new processes and procedures as they occur, addressing or escalating matters/ concerns to the SME’s (subject matter experts) when required.
• Facilitate the necessary presentations, workshops, or forums to ensure consistent and accurate information is given across one\’s portfolio

Communication will be limited to shortlisted candidates only.

SBV recruitment is committed to transformation and diversity alignment

Requirements

• Bachelor’s degree in Information Security or similar.
• Industry certifications such as CISSP, SANS/GIAC: GSEC, GCIH, GFCA, GCFE, GCIA; EC-Council: CEH, ECIH, CHFI, ECSA; Security+; Tenable: TCNU, TCNA, TCSE ISO 27001 (advantageous)

Requirements: Work Experience

• 2 Years’ experience within either an Information Security position or Cybersecurity, of which:
• 2 Years’ IT administration experience
• In-depth knowledge of Cloud security platform (MS Intune / O365 Security, etc.) (Advantageous)
• In-depth knowledge of Firewalls and Malicious Code Defense including APT (Advantageous)
• Knowledge of Cybersecurity technical assessments, standards, tools, and processes (Advantageous)
• Knowledge of common attack vectors (Advantageous)
• Knowledge of Vulnerability assessment tools (Nessus, Nmap) (Advantageous)
• Endpoint and network security tools/techniques (Advantageous)

Work Level: Skilled

Job Type: Permanent

Salary: Market Related

EE Position: No

Location: Houghton