Information Security Analyst L2

Purpose: 

Conduct all activities related to technology risks and remediations to protect the company ecosystem from potential threats including partnering with the company Employees and vendors to drive a Cyber security-conscious organisation.

Duties and responsibilities:

• Support with developing and maintaining Cyber Security Road Map and interventions
• Support with developing company-wide best practices for Technology security
• Support improving the maturity, or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions.
• Creates and maintain appropriate standard operating procedures for the Cyber Security and information protection.
• Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and other factors that indicate security risks as per SLA.
• Researching, investigating and developing proficiency in current and emerging threats, vulnerabilities, and security technology developments.
• Play an active role in Technology Security Planning sessions, driving agenda and deliverables with all participants.
• Support managing Vendor Strategy and roadmap for Information Security
• Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate
• Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks.
• Work closely with other stakeholders to design, architect, consult and implement security solutions to ensure readiness for security technologies
• In support of program design, gather client requirements and draft documentation in order to compile a draft project plan, only more complex programs need to be reviewed by the Information Security Officer
• Identify the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects.
• Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated
• Drafts procedures and or policies with regards to cyber security submitting them to the Information Security Officer for review and authorisation.
  

Qualifications and experience:

• Bachelors degree in Information Security or similar.
• Industry certifications such as CISSP, SANS/GIAC: GSEC, GCIH, GFCA, GCFE, GCIA; EC-Council: CEH, ECIH, CHFI, ECSA; Security+; Tenable: TCNU, TCNA, TCSE, ISO27001 (Candidates with certifications will be given preferential reviews)
  
• 5 Years experience within either an Information Security position or Cybersecurity, which include protection against social engineering, or security vulnerability remediation, of which: 
• 2 Years IT administration experience 
• 2 Years Ethical Hacking experience 
• In-depth knowledge of Cloud security platform (MS Intune / O365 Security, etc.) 
• In-depth knowledge of Firewalls and Malicious Code Defense including APT
• Knowledge of Cybersecurity technical assessments, standards, tools, and processes
• Knowledge of common attack vectors Knowledge of Vulnerability assessment tools (Nessus, Nmap) Endpoint and network security tools/techniques