Job Hunter





9 Hits


Job Title Information Security Specialist
Reporting To (Job Title) Senior Infrastructure Service Delivery Manager
Job Type Classification Permanent
Location - Town / City Sandton
Division Information Technology
Department Information Technology
Closing date: 2017/11/10

Job Summary The purpose of the role is to provide Information Security Assurance services (implementation, monitoring, enforcement and reporting) for all JSE technology systems and services as required by the JSE Enterprise Architecture Information Security precepts and to contribute to the design of current and future information security technology systems and services in support of the JSE IT strategy.
The JSE is an equal employment opportunity employer and invites all designated groups, including people with disability to apply.
Responsibilities / Outputs • Provide strategic thinking and contributions to crafting of departmental business plan based on professional knowledge and experience, to ensure delivery of focus areas for the year in support of IT strategy
• Apply cost effectiveness principles in planning and delivery to contribute to achievement of divisional financial targets
• Ensure consistent results are delivered by continuous measurement against standards and SLAs
• Ensure delivery of the application services based aspects of the JSE Information security roadmap
• Provide input into the formalisation for the divisional budget
• Ensure own deliverables stay within the agreed project scope, timelines and budget
• Contribute to the design and evolution of the JSE Enterprise Architecture Information Security precepts in the mitigation of current and future threats to existing technology systems and services and those being considered for adoption by providing thought leadership, guidance and specialist input through information security knowledge and fit for purpose product suggestions
• Ensure systems, products or projects delivered contributes to improve client/JSE service by providing input on budgets, resources required and process based on the understanding of costs, business objectives and relationship with external suppliers and stakeholders
• Contribute as professional taking responsibility for both operational and strategic initiatives
• Ensure collaboration with the ISO (Information security Officer, Enterprise Architecture, Solution Architects, Application developers, other ITD teams and other JSE stakeholders
• Act as the security ambassadors in the JSE community by propagating security awareness across all JSE staff at all opportunities to get buy in from the JSE community
• Build strategic JSE / Industry/ Global network and relationships utilising social media, attending and presenting at conferences and training interventions
• Manage own delivery against annual delivery plan and set timelines, identify obstacles to delivery and take appropriate action where required
• Ensure information security assurance (troubleshooting, threat identification and mitigation efforts) in all applications services before deployment into production and continued assurance post deployment into production
• Provide 1st and 2nd level support for the operations teams on security related matters to ensure resolution and minimised risks
• Participate in the incident management and loss prevention approaches within the JSE Information Technology space to minimise risks
• Ensure resolution of relevant issues in the environment until satisfactory resolution of the end to end process
• Involve relevant stakeholders in issue resolution and solution design
• Manage and drive out the remediation of security related vulnerabilities in accordance to the JSE Vulnerability Management workflow process
• Ensure compliance with all JSE information security standard operating processes and procedures
• Ensure all information security objectives for each system and service are executed in a test environment prior to production rollout
• Execute manual ethical penetration testing in accordance to the approved JSE methodology, process and practice
• Provide all stakeholders with the relevant security assessment reports within agreed timelines
• Contribute to crafting risk mitigation measures, processes and solutions to all risks identified in penetration testing and otherwise
• Participate in SACOE (Solution Architecture Centre of Excellence) sessions with the objective of ensuring security principles embedded in solution designs are practical and can be implemented in our current environment
• Engage with information security vendors to ensure products are best fit for purpose and establish a continuous vehicle for keeping up to date with threats and risks
• Engage the wider South African and International security community (e.g. security groups in IOSCO, WFE) to gain understanding of current and emerging information security threats
Experience • Required qualification: University degree or equivalent IT work experience. Certification / Qualification in Information Systems e.g. certified ethical hacker (CEH) and Network Security Administrator (NSA) or certified applications tester.
• 7 years IT work experience including 3+ years Information Security Specialist experience
Skills • Software applications (e.g., Outlook, Word, Excel, Access, Internet, Email)
• Knowledge in Microsoft Visio (Process flows)
• Penetration testing principals and methodologies
• Penetration testing techniques and tools (Burp, Metasploit, Wireshark, John the Ripper, Cain & Abel, Kali, Nmap)
• Software Development Lifecycle (Agile Adaptive & Waterfall Predictive)
• Industry standard test and defect management tools (MTM, TFS)
• Intermediate programming knowledge
• Intermediate database knowledge

Register and APPLY Online

Policy Preference will be given to Employment Equity (EE) candidates based on the JSE's commitment to transformation and in terms of the prevailing employment equity policy. The JSE Limited (“the JSE”) reserves the right not to make an appointment or to stop the recruitment process at any stage to headhunt or re-advertise a post. Candidates who do not meet the minimum criteria will not be considered. The JSE will endeavour, where possible, to allow for a minimum period of four weeks from the date of placing a recruitment advertisement. The four week period is applied at the sole discretion of the JSE and may be varied by the JSE at any stage in the recruitment process. The JSE reserves the right, in the event that the four week period is shortened, for whatever reason, to inform only such candidates (either internal or external) who have applied or have been interviewed for the position advertised. The JSE therefore encourages all potential candidates to apply as soon as a position is advertised. 

Sorry, comments are unavailable..