IT Security Specialist - Networks & IT

The IT Security Specialist is responsible for the implementation and operation of the company’s security programs combining cost-effective technical measures with security controls derived from industry standards and best practices in alignment with the company's strategic goals.

This responsibility includes end-point security, security event response management, threat hunting, data loss prevention, penetration testing, vulnerability assessment, privilege access management and the continuous evolution of the required techniques and systems to reduce the company’s security risks.         

KEY FUNCTIONS

Annual Operating Strategy

• Formulate IT security strategy in alignment with business strategy using industry best practices; This includes elements of security event management, security awareness training, vulnerability management, security compliance audit, security incidence response and privilege management.
• Analyse international market trends and product standards and the creation of vendor products strategy.
• Conduct threat intelligence research to develop security recommendations that support business continuity and operations through effective implementation of information security risk management and business continuity management plans, policies, and practices.
• Analyze and evaluate technology security risks to protect the organization’s information assets, ensuring data integrity, accuracy, and confidentiality. Contribute insights and recommendations to strengthen the information governance strategy, aligning with the broader business planning process.

Patch Management

• Execute compliance audit scans on company information management systems, supplying remediation instructions to IT Custodians to maintain secure and updated systems.

Security Incident Response

• Report and investigate security incidents, generate tickets, evaluate the scene and preserve evidence; analyse evidence and complete reports and lessons learned.

Security Policy Design

• Create, review, and enforce security standards, policies, protocols, procedures and for ensuring compliance with document format and uploading of documents to the process repository for ultimate publication.

Security Awareness

• Research current threat intelligence landscape to properly define security awareness training objectives and assess employee security training needs; Assign training plans, analyze, and report training findings.

Consultancy Services

• Evaluate security projects including the design, implementation and integration of new or upgraded technologies with cross-functional teams to communicate and integrate security control requirements.

Contract Management/ Solution Procurement

• Initiate the Procurement and Legal processes for new or existing solution providers by ensuring the necessary documentation requirements are met and approved. While ensuring the service level agreements for new security contracts are in support of business goals.

Privilege Management

• Review requests for privileged accounts and create, modify, or disable them accordingly.

Security Information Events Management

• Oversee activities spanning identification of collection points, development of collection strategies, change management, triggering of alerts and queries, data analytics, and the creation of reports and dashboards.

Vulnerability Management

• Identify, categorize, prioritize, and resolve vulnerabilities in operating systems (OS), enterprise applications (whether in the cloud or on-premises), browsers, and end-user applications by continually identifying vulnerabilities that can be remediated through patching and configuration of security settings.

Third Party Cyber Risk Management

• Evaluate and monitor the cybersecurity posture of third-party vendors, ensuring compliance with security standards, and mitigating risks arising from external partnerships.

Endpoint Detection and Response Management

• Oversee the administration of the organization's antimalware and endpoint detection and response (EDR) solutions, focusing on policy configuration, regular updates, and conducting advanced threat-hunting activities to proactively identify and mitigate potential malware threats.
• Workplace Safety- to conform to the OSH Act and company HSE policies and procedures and oversee compliance by contracted service providers.
• To perform any such related duties that may be assigned by the IT Security Manager. 

EDUCATION:

• An undergraduate degree in Information Security, Computer Information Systems, Network Security, Computer Science or a related field of study.
• At least 2 of the following IT Security certifications (or equivalent):

⮚       CompTIA Security+

⮚       Certified Ethical Hacker (CEH)

⮚       GIAC Certified Incident Handler (GCIH)

⮚       Cisco Certified Network Associate Security (CCNA Security)

⮚       Offensive Security Certified Professional (OSCP)

⮚       Certified Cloud Security Professional (CCSP)

⮚       CompTIA CASP+

EXPERIENCE/ TRAINING:

• A minimum of five (5) years of combined IT and security work, with three (3) years of which involves designing, deploying and managing security solutions. A minimum of two (2) years’ experience working in a Cloud Environment.
• Experience with a broad range of exposure to systems analysis, application development, and systems administration.
• Working knowledge of security issues, techniques and implications across computer platforms.

 FUNCTIONAL COMPETENCIES:

• Cloud First Focus – Ability to adopt, implement and maintain a cloud-first approach to the overall IT solution support, design and application development in conjunction with Technology Vendors to deliver solutions that align with current and future business requirements, both internally and helping our customers make use of secure, scalable and reliable cloud solutions at a competitive price.
• Solution Design & Implementation – The specification, design, and implementation of information systems solutions (security, applications, network, database, cloud, data center etc.) to meet defined business needs either internally or commercially that are in alignment with corporate strategy, industry best practice and within constraints of cost, security, and sustainability. It spans the identification of concepts and their translation into an implementable design; planning, development, testing and the go-live of the final product or service and ensures the optimum use of current solutions, retention of compatibility with enterprise and solution architectures and avoiding solution duplication.
• IT Service Management – The ability to manage IT solutions and resources required to plan for, develop, deliver, and support IT services and products to meet the current and future needs of the business that will strengthen the company's competitive advantage. It includes the preparation for new or changed services, management of the change process and the maintenance of standards. The identification, analysis, clarification, and communication of the context of use in which solutions will operate, and of the goals of products, systems or services. Analysis and prioritization of stakeholders’ “user experience” needs and definition of required system behaviour and performance. This includes negotiation, implementation and monitoring of service level agreements, seeking continually and proactively to improve service delivery and sustainability targets.
• Digital Transformation – Ability to perform creative problem solving, partnering with vendors and using a variety of techniques to come up with innovative solutions using technology to assist with the defining or redefining of TSTT’s products and services. These include the management of all activities required to launch a new product, service, process or concept using digital tools and platforms including the ability to manage digital products as they move through the typical stages of their product lifecycle: Development and Introduction, Growth, Maturity/Stability, and Decline. Ability to identify, implement and utilize specific solutions that will deliver on TSTT’s digital value proposition.
• IT Project Mgt. – The management and delivery of projects from design, development, and implementation of IT solutions to meet identified business needs using industry best practices. This includes the ability to categorize the solution into cycles to deliver a working product within time constraints using agile principles that allows teams to respond rapidly, efficiently, and effectively to changes. Ensures the delivery of features with the greatest business value first, and having the realtime information to tightly manage cost, time, scope and quality.
• Information Security Risk Management – Working knowledge of how to safeguard the confidentiality, integrity, and availability of information and information processing facilities using defined IT security principles, controls, and best practices that are aligned with the business objectives and through security awareness.

CORE AND LEADERSHIP COMPETENCIES:

Organisational Awareness: Contributes to the organisation by understanding and aligning actions with the organisation's goals, core functions, needs, and values. Contributes to the organisation by actively demonstrating the alignment of activities with the organisation strategies, key initiatives, core functions, needs, and values and supporting others to do the same.

Customer Focus: Prioritises and takes action on the needs of both internal and external customers. Designs and delivers products and services with the customer experience top of mind.

Planning and Results Orientation: Invests time in upfront planning to achieve organisational goals and objectives while meeting quality standards, following the appropriate processes, and continuously assessing results.

Creativity and Innovation: Thinks beyond the confines of traditional models to recognise opportunities and find new and better ways of doing things to be and remain an agile broadband provider. Encourages experimentation and accepts failure as a driver of innovation.

Communication: Effectively and appropriately interacts with others to build relationships, influence others, and facilitate sharing ideas and information. Uses tact and diplomacy to navigate demanding situations. Relays key messages by creating a compelling story targeted to specific audiences.

Strategic Leadership and Execution: Applies vision to think beyond the immediate situation and explore multiple potential paths. Invests time in planning, discovery, and reflection to drive decisions and more efficient implementation. Ensures that business goals are met by executing, monitoring, and adjusting the organizational action plan.

People Leadership: Inspires, motivates, and empowers people to achieve organizational goals. Coaches, mentors, and manages employee experience and performance through mindful preparation. Creates space for others to lead.

Managing Through Change and Uncertainty: Adjusts thinking and behaviour to resiliently face change and uses experience to fuel growth. Embraces failure as a learning opportunity for themselves and others. Enables the process of change and transition while helping others deal with the effects of change.

Relationship Building: Develops internal and external trusting, professional relationships. Purposefully develops networks to build value through collaboration.

Deadline date for applications: Friday 6^th December 2024