Duties & Responsibilities
A financial institution in Pretoria has embarked on an ambitious programme to totally revamp their entire IT landscape. As such, they require the services of a number of highly competent IT professionals to join them on this journey. An initial contract of 12 months will be offered, and this could then be renewed for a further 2 years.
- Drive an ISMS (Information Security Management System) assessment methodology across the Group that incorporates threat, risk and control assessments augmented by incident management and audit finding information.
- Plan and prioritise information and cyber security risk assessments across the Group considering the ISMS rollout plan across the Group based on exposure.
- Collect and compile all needed business area function, process and technical information in order to appropriately scope and plan for all assessments.
- Identify the information assets across the Group and rate the potential impact related to the breach of confidentiality, integrity or availability whilst integrating with the business continuity impact rating process as far as possible.
- Integrate with the threat assessment process by working with the Threat Analyst to ensure an appropriate threat landscape for use in the business risk process.
- Assist the Threat Analyst in identifying and rating vulnerabilities and controls related to threats.
- Identify applicable risks and derive the residual likelihood of success and business impact rating by facilitating discussion with the subject matter experts and applicable business areas.
- Maintain and report on the SARB Risk Universe through thorough, concise and reliable risk assessment reports, including risk mitigation plans for departments.
- Bachelor's Degree (NQF 7) in Security / Information Technology, OR equivalent.
- 5 to 8 years’ experience in an Information Technology environment, of which 2 years have been within a Security Risk environment.
- A security certification (e.g. CRISC, CISSP, CISM) would be an added advantage.
- The ability to engage with stakeholders across the Group at different levels of seniority.
- The ability to solicit information, and to convey and explain information fluently.