South Africa

Senior Engineer: IT Security and Risk (Centurion-Gauteng)

Company Barloworld Automotive & Logistics Africa
Reference # EngRisk1
Published 31/07/2020
Contract Type Permanent
Salary Market Related
Location Centurion, Gauteng, South Africa
The Senior Engineer: IT Security and Risk is responsible for translating the IT risk requirements and constraints of the business into practical technical control requirements and specifications, as well as developing metrics for ongoing performance measurement and reporting of the IT security discipline. The role furthermore ensures that IT security measures are incorporated into all IT solutions and designs and that the real-world risks are balanced with the business drivers of speed, agility, flexibility and performance.
Job Functions Information Technology
Industries IT - Information Technology, Logistics
Key deliverables and outputs

1. Manages the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the organisation’s environment.
2. Monitors and reports on compliance with IT security policies and controls, as well as the enforcement of the policies within the IT department and across the organisation.
3. Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
4. Assists in understanding and responding to IT audit failures reported by auditors and other assurance providers.
5. Provides IT security communication, awareness and training for all levels of audience.
6. Facilitates and manages the response to IT security incidents, where necessary actively participating in investigations.
7. Works with the CISO, IT and business stakeholders to define metrics and reporting strategies to effectively communicate success and progress of the IT security program.
8. Consults across all IT disciplines to ensure that IT security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
9. Recommends and co-ordinates the implementation of technical controls and IT security solutions to support and enforce the defined IT security policies.
10. Researches, evaluates, designs, tests, recommends or plans the implementation of new or updated IT security hardware or software, analysing its impact on the existing environment and providing technical and managerial expertise for the administration of IT security tools.
11. Manages outsourced vendors that provide IT security-related services and functions for compliance with contracted service level agreements.
12. Manages the day-to-day activities of threat and vulnerability management, identifying risk tolerances, recommending treatment plans and communicating information about residual risk and risk acceptances.
13. Manages IT security projects (internal to the team) and provides expert guidance on IT security matters for other IT projects.
14. Directs and guides the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
15. Ensures audit trails, system logs and other monitoring data sources are adequately and securely captured in compliance with policy and audit requirements and are reviewed periodically.
16. Designs, co-ordinates and oversees IT security testing procedures in conjunction with the Quality Assurance discipline to verify the security of systems, networks, applications and manage the remediation of identified risks.
•A 3-year degree (or equivalent) in computer science or informatics
•IT security-related certifications, e.g. CISSP, CISM, CEH
•7 – 10 years’ practical experience in an IT security role
•2 – 3 years in a team leadership or supervisory role
•Experience in developing and maintaining policies, procedures, standards and guidelines.
•Proficiency in performing risk, business impact, control and vulnerability assessment and in defining treatment strategies.
•Post graduate degree in information security
•Certifications in the IT security technology solutions in use in the organisation.
•Excellent understanding of all IT security domains, including IT security concepts, protocols, industry best practices and technology controls.
•Deep understanding of common IT security management frameworks, such as ISO2700x, NIST, ITIL and COBIT.
•In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to IT security controls.
•Familiarity with applicable legal and regulatory requirements, e.g. POPIA.
•Familiarity with the principles of cryptography and cryptanalysis.
•Knowledge of IT security-related testing.
•An understanding of operating system internals and network protocols.
•Knowledge of developing and documenting IT security architecture and plans.
•Highly developed verbal and written communication skills to interact professionally to persuade and influence others effectively at all levels (externally and internally).
•Highly developed interpersonal skills to network effectively and handle conflict.
•Advanced critical, analytical, conceptual and creative thinking and problem-solving skills to spot trends, identify new technology developments, perform in-depth analysis of effectiveness of support.
•Numeric reasoning skills to draw logical conclusions from numerical information.
•Ability to multi-task.
•Project management skills.
•A preference for translating strategy into action
•Concern for working within parameters
•Focus on analysing and solving problems
•Commitment to behaving ethically and correctly
•Remain resilient under stress and pressure
•Focus on initiating action
•Preference for thinking practically and laterally
•Concern for aligning with best practice
•Focus on getting things done
•Concern for communicating clearly
•Readiness for making and owning decisions
•Openness to accepting feedback
•Preference for team-working
•Commitment to maintaining business knowledge
Job Closing Date 10/08/2020
Last Updated: 30-7-2020