JOB GRADE: D3
Reference Number: 9952955
Research & Development Business Unit has a vacancy for a Cybersecurity Specialist – Cybersecurity Governance Division (CGD). Applications are invited from people meeting the qualifications and experience requirements set out below.
PURPOSE OF THE JOB:
A Cybersecurity Specialist Governance participates in protecting Armscor’s information against security threats (e.g. loss of information) to ensure confidentiality, integrity, availability, and non-repudiation. A Cybersecurity Specialist Governance also participates in ensuring cybersecurity oversight, risk management, and compliance with the information-security-related matters, policies, laws, and regulations that Armscor must comply with.
CRITICAL PERFORMANCE AREAS:
A Cybersecurity Specialist (CGD) supports the Senior Manager (SM): Cybersecurity Governance Division (CGD) in order to:
- Develop and maintain cybersecurity policies, standards, practices, procedures, and a secure enterprise architecture framework.
- Research, evaluate and recommend new security tools, techniques, and technologies.
- Create and maintain a risk mitigation strategy and a risk mitigation and management program.
- Ensure the development and maintenance of governance documentation that includes Cybersecurity policy, Information Security Management System (ISMS), practices and procedures following ISO27001, and other relevant information security standards in line with legal and regulatory requirements and compliance with adopted frameworks.
- Establish and maintain the incident response management plan.
- Develop a cybersecurity incident response plan, participate in the incident response process, and submit reports to management with recommendations, i.e. become part of the cybersecurity incident response team (CIRT).
- Conduct cybersecurity governance assessment and investigations as and when necessary, and submit reports to the Senior Manager (SM): cybersecurity governance division with recommendations.
- Develop business continuity and disaster recovery plan to ensure business continuity.
- Participate in the development, implementation, and maintenance of cybersecurity programs and plans.
- Develop and implement a risk management approach and an overarching corporate security policy that is aligned to business requirements and processes.
- Develop, maintain and govern all cybersecurity governance processes and secure architecture as per cybersecurity strategy and the enterprise architecture for Armscor.
- Evaluate secure Enterprise Architecture principles and governance mechanisms and monitor the adherence thereto to ensure the delivery of secured solutions on the Armscor digital environment.
- Manage the end-to-end cybersecurity governance, risk, and compliance (GRC) and provide reports to the Senior Manager (SM): cybersecurity governance division with recommendations.
- Formulate and implement a series of security controls and associated procedures, with responsibility and accountability as defined in the RASCI matrix for risk management.
- Monitor internal control systems, identify suspicious behavioural patterns, and take appropriate action.
- Implement security controls, a risk assessment framework, and a program that aligns to regulatory requirements, ensuring documented and sustainable compliance that aligns with and advances Armscor’s business objectives.
- Review, audit, and test system architecture for compliance with security frameworks, best practices, and/or regulatory requirements.
- Respond to internal and external audit processes.
- Develop a risk management framework and conduct a cybersecurity risk assessment periodically.
- Participate in the process of information systems risk assessments, i.e. facilitate the management and reporting of cybersecurity risks identified by internal and external auditors.
- Improve security awareness across the organization and maintain internal security controls.
- Ensure a clean audit position of the Cybersecurity Governance Division (CGD) functionally and operationally.
- Develop training plans and conduct cybersecurity awareness and training sessions.
- Conduct governance gap analysis assessments to ensure that controls are adequate to meet policy requirements.
- Work with internal and external auditors to facilitate continuous improvement of Armscor Information Security.
- Stay abreast of the latest developments in the field of cybersecurity and recommend improvement initiatives to the organisation.
- Manage system security audit and access controls and ensure available protections and controls are in place.
- Monitor patch management, vulnerability, and threat management to enhance the organisation’s ability to detect cyber-attacks and reduce the impacts of cybersecurity incidents.
- Compile written technical reports on the outcomes of network vulnerability assessments and threat monitoring procedures, and submit them to the Senior Manager (SM): cybersecurity governance division with recommendations.
- Create service level agreements with internal and external stakeholders.
- Honours Degree in Computer Science or Information Systems / BTech: Information Technology or related fields. The candidate should hold an undergraduate qualification (National Qualifications Framework (NQF) level 7) as recognised by the South African Qualifications Authority (SAQA).
- Information Technology Infrastructure Library (ITIL) version 3 / version 4.
TECHNICAL / LEGAL CERTIFICATION / PROFESSIONAL REGISTRATION:
- CEH would be an advantage
- COBIT 2019 recommended.
- ITIL recommended.
- TOGAF or related architecture framework recommended.
- Project management training is recommended.
- Certified Information Security Professional (CISSP) or equivalent professional security qualification preferred.
- Relevant security or cybersecurity certification would be an advantage
- At least 8-10 years post qualification experience
- Analytical skills
- Cybersecurity skills
- Extensive experience in the information and communication technology (ICT) environment
- Experience implementing security applications including installation, configuration, automation of processes and monitoring
- A proven record of dealing with complex projects and meeting conflicting demands
- Demonstrated ability to contribute to strategic and visionary overall business leadership
- Knowledge and direct experience with vulnerability management
- Demonstrated experience of development, implementation, and maintenance of a cybersecurity program and plan
KNOWLEDGE & FUNCTIONAL SKILLS:
- Operations management
- Business analysis
- Business development
- Business process excellence
- Business management and administration
- Disciplined agile delivery
- Agile methodology
- Service oriented architecture (SOA) and micro-services architecture principles
- Policy writing
- Project management
- Change management
- Business process analysis
- Working knowledge and experience of the information security standards
- Knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, and vulnerability assessment
- Knowledge of network security
- ICT portfolio management
- Supplier / 3rd party management (supply chain)
- Infrastructure lifecycle management
- Knowledge of routing and switching methodologies
- Knowledge of server technologies
- Knowledge of directory services
To apply, send your application to InternalVacancies@armscor.co.za
NB: All applicants must indicate the reference number of the position they are applying for in the subject heading.
Short-listed candidates will be subjected to reference checking, verification of personal data and security clearance as part of the selection process. In line with Armscor’s commitment to compliance with the Employment Equity Act, preference will be given to suitable candidates from designated groups. People with disabilities are encouraged to apply.
The closing date for applications is 20 September 2021. Late applications will not be considered.
Enquiries: Mr. Lekang Mangope (012 428 2119)