SECURITY ENGINER

SECURITY ENGINEER

STELLENBOSCH (REMOTE)

Applications are invited for the above-mentioned position. The position will work remotely but need to be willing to travel to Stellenbosch and other areas as and when required. The individual will report to the Head of Enterprise Architecture, Infrastructure and Security.

PURPOSE OF THE ROLE:

• The Security Engineer will be responsible for the system, applications and information

security across the organisation.

The role will also be responsible for all the shared infrastructure (servers) being

deployed in the group, including all the OSS/BSS services running at the various branches.

Key Responsibility Areas:

• Assist in implementing technical expertise and direction of the central infrastructure team.
• IT Risk assessment, penetration test, vulnerability scans, and social engineering.
• Responsible for all data security, system backups and disaster recovery procedures.
• Responsible for conducting monthly vulnerability scans and disaster recovery simulations; and communicating the critical results to management.
• Monitors Information Security industry trends and advises the team of critical information updates.
• Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
• Assists the senior engineer with project initiatives to research, validate, and manage Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
• Defines the Information Security plan to resolve gaps identified from audits, risk assessments or vulnerability scans.
• Initiates cyber security investigations providing summaries and recommendations to resolve the matter.
• Works closely with IT and project teams to ensure that new projects meet or exceed information security requirements.
• Achieves Information Security and operational objectives by developing and executing strategic plans which reduce risk to information assets.
• Protects information assets by developing security strategies, directing system access control, monitoring, and response.
• Implements regulatory requirements, industry standards, and best practices such as POPI, GDPR, etc ensuring the Information Security Program is held to the highest standard.
• Assists in Information Security projects to align with organizational strategic objectives, goals, and risk tolerance.

The successful candidate must have the following experience/skills: -

• At least 4 years of information security experience.
• At least 2 years of server administration experience.
• Experience with standards and best practices such as POPI, GDPR, SOC 2 compliance.
• Required demonstrated knowledge of information technology security trends and leading best practices.
• Experience and expertise in managing and administering infrastructure and data systems.
• Minimum of 2 years’ experience in at least five of the following: access control systems and methodology; business continuity and disaster recovery planning; risk, response, and recovery; network security architecture; security management practices; audit and monitoring; enterprise and IT risk assessments; incident response management.
• Demonstrable experience of managing complex disaster recovery plans & procedures.
• Demonstrable experience of drafting and introduction of data protection and disaster recovery policies.
• Requires working knowledge of ISP’s and its operations and procedures.
• Excellent time management skills and the ability to prioritize multiple initiatives and projects.
• Must be able to work under pressure.
• Able to work in a high-pressure environment.
• Be self-motivated and be willing to go the extra mile.
• Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
• Ability to operate at all levels of the team.
• Demonstrate flexibility and the ability to work in a team environment.
• Excellent interpersonal skills including oral and written communications.
• Ability to maintain a high level of confidentiality.
• Technically proficient in IT and Information Security controls and concepts.
• Strong organizational and planning skills, resourcefulness, and creative problem-solving skills.

Qualifications

• Degree in Computer Science, Information Technology or related field is preferred.
• Certifications in Information Security is required.