Job Description

Our client in the Pharmaceutical Retail industry is currently looking for a Senior IT Security Engineer in Midrand, Johannesburg.

Responsibilities:

• IT Security Planning and Monitoring:
• Architect, design, implement, maintain and operate information system security controls and countermeasures.
• Implement new security systems/platforms as per the Cyber Security Roadmap.
• Analyze and recommend security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
• Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
• Monitor information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
• Administer authentication and access controls, including the creation, modification, and deactivation of user and system accounts, security/access roles, and information asset access rights.
• Analyze trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
• Perform patch management of endpoints and servers to ensure highest level of security on all critical systems.
• Conduct red team exercises and remediation on mission-critical systems.
• Review, understand and correlate data from multiple sources, not limited to user authentication events, windows security event logs, intrusion detections alerts, proxy logs and firewall events.
• Security Compliance:
• Assist with the documentation of security policies as well as promote activities and procedures to create a general awareness about the significance of security within the organization.
• Assist with the maintenance of information security policies and procedures and to ensure that the security strategies are being followed, to meet the organizational security goals and standards.
• Perform Payment Card Industry (PCI) compliance and IT General Controls (ITGC) related tasks as directed.
• Assist with the monitoring of internet access utilized by employees within the Group.
• Assist with the identification, investigation and resolution of security breaches.
• Develop and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
• Manage configuration and change control records with regards to IT security system activities.
• Stakeholder Liaison:
• Engage management on users that default their Cyber Security Awareness Training to ensure compliance.
• Liaise with stakeholders to perform root cause analysis and trend analysis of security threats.
• Perform various administrative duties related to information security.
• Keep accurate record of all hard copy documents, related to the department in a logical filing system.

• Must have a Degree in IT.
• CISA or CISSP (Will consider a Diploma)
• CEH - Ethical Hacking is a definite requirement and non-negotiable.
• Minimum of 5 years experience in IT Security and 7 years IT experience.
• Understand Security Framework.
• ISO 27001 or other ISO Frameworks.
• Experience with NIST Cybersecurity Framework.
• Experience with Data Protection and Privacy (POPI and GDPR)
• PCI (Payment Card Industry-Data Security Standard) Compliance.
• Technical experience in Network Security.
• Ethical hacking experience.
• Penetration testing experience.
• Vulnerability Management.
• Technical experience in overall Security Tools (e.g., Firewall, IDS, etc.)
• Content filtering.
• Incident Response Management.
• Patch Management.
• Assist with creation, implementation and maintenance of compliance and security policies.

• R840 000 - R960 000 per annum.

InspHired Recruitment Solutions