Information Security Specialist at The South African Weather Service (SAWS)

Job Summary: 

The position of Information Security Officer reports to Senior Manager: ICT. The Officer will be responsible for information security, governance, and information to protect the organisation by employing a range of technologies and processes to prevent, detect and manage cyber threats. 

Key performance areas 

• Monitor computer networks for security issues, install security software and document all security breaches and assess the damage they cause. 
• Fix detected vulnerabilities to maintain a high-security standard. 
• Maintain the Information Security Framework and underlying policies, procedures, standards, and guidelines. 
• Lead the development, maintenance and updating of the Information Security Strategy and Information Security Program. 
• Ensure appropriate administrative, physical, and technical safeguards are in place to protect SAWS information assets from internal and external threats. 
• Identify, introduce, and implement appropriate procedures, including checks and balances, to test these safeguards on a regular basis. 
• Conduct and complete annual reviews and audits as required engaging both internal and external resources such as firewalls. 
• Ensure that the disaster recovery plans and emergency operating procedures are in place and tested on a regular basis. 
• Act as the committed owner of the security incident and vulnerability management processes from design to implementation and beyond. 
• Manage and assist in performing on-going security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis 
• Conduct functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements 
• Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy and developing security reports and dashboards. 
• Ensure effective staff training programs are in place to increase security awareness across SAWS. 
• Ensure design, firewall rules are reviewed, audit logs are performed regularly, change management strategy in place to ensure all systems are accessed securely. 

Requirements:

• Post graduate degree or equivalent in Information Technology or related field with Security certification either CASP, CISM, etc. 
• Minimum of 3 years’ managerial experience in information technology security in a similar size or related institution/organization. 
• A certified in risk and information Systems Control Certified Information Systems Auditor will be added advantage. 
• Knowledge of Microsoft Azure Active directory, Forcepoint Web security Controller, Algosec Firewall analyzer tools etc., ISO 27001, NIST Security Framework standards, Cobit and other related security best practices) POPI Act, and other security regulatory frameworks, and guidance to implementation of IT security controls to ICT teams. 
• Understanding of the general business functions and its inter- relationship and contribution to services and the application. 
• Knowledge and understanding of principles, applications and techniques of electronic data acquisition systems, computer systems, operations, computer hardware and software systems planning, and technical support. 

Attributes and Competencies 

• Innovative, strategic and leadership capability 
• Analytical thinking and decision-making 
• Excellent presentation and negotiating skills 
• General Management