IT Security Analyst at FirstRand Group

Job Description

• To perform ongoing Security Testing for Online Banking to ensure that applications are secure, in accordance with National Credit Act (NCA).
• An IT Security Analyst plays a crucial role in safeguarding an organization’s data and systems against internal and external security threats. Ongoing Security Testing for Online Banking. Make sure these applications are secure.

Are you someone who can:

Develop and Implement Security Policies:

• IT security analysts contribute to the implementation, and maintenance of corporate-wide information security policies, programs, and standards. They ensure that security measures align with organizational goals.

Risk Assessment and Vulnerability Analysis:

• These analysts perform risk assessments and technical vulnerability analyses. They identify process risks, weaknesses, and controls, making recommendations and plans to address vulnerabilities.
• Report on mitigating actions required to correct or remedy actions where necessary and inform IT Risk of any significant changes and risk situations.
• Consult to projects in terms of identifying risks, vulnerabilities and controls for new developments by researching and understanding security best practices and implementation of security products in a corporate environment.
• Perform Security Assessments on internal environments or external 3rd party environments, with the purpose of identifying shortcomings which introduce risk

Incident Response and Compliance:

• IT security analysts actively support incident response policies. They monitor compliance with security policies, document findings, and ensure successful closure of compliance deficiencies and incidents.

Data Protection and Confidentiality:

• Analysts implement processes to protect data confidentiality, integrity, and availability. They maintain technical mechanisms that enable these controls.

Project Participation:

• IT security analysts participate in or lead projects assigned by the Chief Information Security Officer (CISO) to meet information security requirements. They collaborate with technical and business personnel to ensure secure solutions.
• Assisting in the design of new business tools and products, ensuring best practice and effective security principles are incorporated from the design of these systems.

Research and Evaluation:

• Analysts research new security tools, assess their applicability, and evaluate products and service offerings to enhance the organization’s security posture.
• Perform ongoing Security Testing for Online Banking to ensure that applications are secure, in accordance with National Credit Act (NCA)

We would love to see applicants who:

• Has expert knowledge of and experience with security tools / techniques.
• Knowledge of security architecture to enhance software development to include security-by-design principles.
• Utilisation of tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
• Analysis of these test results and report on recommendations to rectify any vulnerabilities identified.
• Ensuring compliance to security standards within the business unit and within the organisation
• Consulting to projects in terms of identifying risks, vulnerabilities and controls for new developments.
• Identifying significant risks during the software development test cycle and implementing controls to mitigate these risks
• To research and assist in the implementation of security products within the organisation where appropriate.
• Perform functional and technical test analysis and testing (including regression) on security specific projects, incidents and work requests
• Weekly reporting on test progress
• To research and understand security best practices and how they are implemented in a corporate environment
• Maintain current knowledge of the Information Systems security industry’s emerging technologies.

Qualification AND Experience:

• IT Degree
• Security qualification e.g., OPST, CISSP, CISM, Security+
• Professional Registrations

Additional Requirements

• Perform security review, with a specific focus on testing of major software components and their code, by utilisation of tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
• Firewall knowledge and experience in firewall reviews and network design.
• Corporate Governance according IT Security
• Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
• Information Security Analysis and Rectification Processes
• Analyse information security test results and report on recommendations to rectify any vulnerabilities identified and ensure compliance to security standards within the business unit and within the organisation.
• Information Security Risk Testing Process
• Perform functional and technical test analysis and testing (including regression) on security specific projects, incidents and work requests to identify significant risks during the software development test cycle and implement controls to mitigate these risks.
• Information Security Consultation on Projects
• Consult to projects in terms of identifying risks, vulnerabilities and controls for new developments by researching and understanding security best practices and implementation of security products in a corporate environment.