SUMMARY:
Implement and ensure compliance with regulatory requirements aligned with standards such as
ISO/IEC 38500, ISO/IEC 27001, ISO/IEC 27002, ISO 9001, ISO 14589, ISO/IEC 20000, ISO Domains: ISO
31000, ISO/IEC 27005, ISO/IEC 27005, ISO 27035, ISO 27031, ISO 27003
POSITION INFO:
There is a 24-month fixed-term contract for an ICT Security Specialist in Pretoria.
PURPOSE OF THE JOB
The ICT Security Specialist is responsible for developing, implementing, and maintaining the organisation's information security strategy, ensuring alignment with ISO 27002/1 standards and COBIT 19 security domains. This role focuses on safeguarding sensitive data, systems, and infrastructure by overseeing security policies, conducting risk management activities, and leading efforts to prevent and respond to security breaches.
The ICT Security Specialist will also review and implement controls to address audit findings, ensure compliance with technical cybersecurity standards, and maintain security policies and SOPs.
REQUIRED QUALIFICATIONS
• Degree or diploma in Information Technology.
• Certifications (Preferred over a formal degree):
o Technical Cybersecurity Certifications: CISSP, CEH (Certified Ethical Hacker), CompTIA Security+, or ECIH (Certified Incident Handler).
o Framework Knowledge: Certifications in ISO 27001, NIST, or other relevant cybersecurity standards.
o Hands-on Experience: Practical experience in implementing security measures, incident response, and technical security controls.
REQUIRED WORK EXPERIENCE
• Minimum 5 years of experience in a hands-on cybersecurity role, including:
o Security operations and incident handling.
o Vulnerability assessments and penetration testing.
o Technical leadership in cybersecurity implementations.
KEY DELIVERABLES
Technical Security Implementation:
• Lead the implementation of cybersecurity measures across the organisation, focusing on network, server, and application security.
• Proactively identify and remediate vulnerabilities through vulnerability assessments and penetration testing.
• Configure and maintain security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus solutions.
• Develop and implement security controls to protect against unauthorised access, data breaches, and other cyber threats.
Incident Handling & Technical Support:
• Act as the primary responder for security incidents, conducting in-depth investigations and technical analysis to identify root causes and mitigate impacts.
• Provide expert technical support to the broader ICT team in resolving complex security issues.
• Document and report on security incidents, providing recommendations to prevent recurrence.
Cybersecurity Measures & Controls:
• Work closely with the ICT team to implement and optimize security controls within existing systems.
• Establish and document security protocols and guidelines to enhance the overall security framework.
• Monitor and analyse logs, traffic, and other data sources to detect and respond to potential security threats.
Threat Intelligence & Vulnerability Management:
• Collect, analyse, and utilize threat intelligence to inform security strategies and responses.
• Conduct ongoing vulnerability assessments to identify security gaps and recommend technical solutions.
• Engage in hands-on configuration and tuning of security technologies to bolster defences.
Collaboration & Technical Leadership:
• Collaborate with technical teams to ensure that cybersecurity measures are effectively integrated into ICT operations.
• Provide guidance and technical expertise to ICT staff on security best practices.
• Lead the development of technical solutions to enhance security, including deploying security patches and updates.
Audit Findings Review & Control Implementation:
• Regularly review internal and external audit reports related to cybersecurity to identify gaps, vulnerabilities, and areas of non-compliance.
• Develop corrective action plans to address audit findings, prioritising critical issues that could impact the organisation’s security posture.
• Work with technical teams to implement security controls and corrective measures to mitigate identified risks, ensuring audit recommendations are fully addressed.
• Establish processes to continuously monitor the effectiveness of implemented controls, ensuring they meet the intended security objectives and comply with relevant standards.
• Document all implemented measures and prepare reports detailing actions taken, compliance status, and any residual risks.
• Collaborate with auditors, risk management teams, and other stakeholders to validate that the implemented controls effectively mitigate the identified risks.
• Recommend and implement preventive measures based on audit findings to strengthen security controls and reduce the likelihood of future issues.
Policy and SOP Review & Maintenance:
• Regularly review and update ICT security policies and Standard Operating Procedures (SOPs) to ensure they align with current security standards and best practices.
• Develop new policies and SOPs as required to address emerging security threats and operational needs.
• Ensure all security policies and procedures are effectively communicated to and understood by the relevant stakeholders.
• Monitor compliance with established security policies and SOPs, making adjustments as necessary to enhance security measures.
Compliance & Best Practices:
• Ensure that IT governance is implemented and managed in alignment with COBIT 2019 domains and ITIL Domain services.
• Implement and ensure compliance with regulatory requirements aligned with standards such as ISO/IEC 38500, ISO/IEC 27001, ISO/IEC 27002, ISO 9001, ISO 14589, ISO/IEC 20000, ISO Domains: ISO 31000, ISO/IEC 27005, ISO/IEC 27005, ISO 27035, ISO 27031, ISO 27003
• Legislation: Compliance with:
o NIST, and other specific cybersecurity frameworks.
o Ensure compliance with information security legal and regulatory obligations including the Protection of Personal Information Act, 2013.
o Cybercrimes Act 19 of 2020.
o National Archives and Record Service of South Africa Act 43 of 1996.
COMPETENCIES AND SKILLS
• Proficiency in technical cybersecurity operations, including hands-on experience with security tools and systems.
• Strong understanding of networking, server infrastructure, and security technologies.
• Ability to respond effectively to cyberattacks and security incidents with practical, hands-on solutions.
• Excellent problem-solving skills and the ability to work independently within a fast-paced environment.
• Strong communication skills with the ability to collaborate effectively with technical teams.
Send a CV that includes 3 references:
012 301 53 70