Information Security Analyst - Cape Town, South Africa - Achievement Awards Group (Pty) Ltd

Achievement Awards Group (Pty) Ltd

Verified Company

Cape Town, South Africa

1 week ago

Posted by:

Thabo Mthembu

beBee Recruiter

Description

Purpose of the role:

The information security analyst, a dedicated and skilled professional, collaborates with teams to design and implement security systems that protect the computer network.

With a keen eye for detail, they ensure that the security systems are effective in safeguarding against cyber-attacks. As an information analyst for security, they strive to set and maintain the highest security standard possible. Whenever security threats or violations occur, the analyst conducts a thorough analysis to determine the best course of action.

In addition to their analytical skills, they also have technical expertise and can install firewalls and data encryption programs to create a protective layer around sensitive information.

Requirements:

This position will be accountable for:
Evaluation of compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information
Implementing and maintaining governance, risk and compliance (GRC) processes
Performing security and compliance assessments on new and existing systems, processes, technology
Attending disaster recovery and business continuity planning sessions to understand integration with information security governance, risk and compliance elements
Performing analysis and documentation of assigned business and technical processes
Continuously learn about potential improvements to the security framework, methodology, standards, and system of internal controls
Gather and evaluate information, including to support Auditors, Regulators, and compliance partners
Perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance
Identification of control deficiencies in the design and operating effectiveness of information security controls
Participating in the establishment and implementation of information security audit and assurance planning and scheduling
Conducting formal information security risk analyses, reviews, tests, audits and/or self-assessments
Working with relevant stakeholders to close out on audit findings and identified risks
Participating in IT controls and compliance testing activities and/or audits
Performing technical configuration of industry-leading GRC tools through skills acquired on-the-job and specialist course offerings
Ensure cyber security policies and procedures are communicated to all personnel and that compliance is enforced
Supporting operation and administration of systems for information security and IT
Reporting on information security risks as and when required

Knowledge, skills and attributes:

Sound knowledge of information security risk management frameworks and compliance practices Knowledge of securing network technologies, client, and server operating systems Knowledge of security standards and guidelines based on best practices and industry standards Interpersonal, communication, and presentation skills, including formal report writing skills Understanding of common security standards and regulations, as well as cybersecurity frameworks (e.g., ISO2700x, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX, etc.) Ability to manage and prioritize tasks and activities Ability to quickly learn and work with technologies related to governance, risk, and compliance Proficiency with Microsoft Office (e.g., Outlook, Word, Excel, PowerPoint, etc.)

Able to consistently deliver quality work products A team-focused mentality with the proven ability to work effectively with diverse stakeholders Ability to work under pressure while maintaining a professional image and approach

Education and training:
Bachelor's degree in computer science, Information Technology or related and/or equivalent Information security-related training or certifications such as CISSP, CISM, CISA or CRISC

Experience:
At least 5-6 years' experience in a similar position (IT security, risk management or GRC), progressing through other career levels Experience of dealing with relevant stakeholders, managing expectations in the pursuit of improved information security Working experience as a business analyst or a keen interest in business operations Experience with common industry guidelines (such as CIS)