Information Security Analyst

IT – Analyst, Data Management
Cape Town – Western Cape

YOUR keen eye for detail and wealth of technical expertise – particularly Information Security Risk Management frameworks and compliance practices – is sought by a dynamic provider of innovative Business Solutions to fill the critical role of an Information Security Analyst. In collaboration with teams, you will help design and implement security systems that protect the computer network while ensuring that the security systems are effective in safeguarding against cyber-attacks. In addition to your analytical skills, you must be able to install firewalls and data encryption programs to create a protective layer around sensitive information. The successful incumbent must also possess a Bachelor’s Degree in Computer Science/Information Technology or related discipline with Information Security related training or Certifications such as CISSP, CISM, CISA or CRISC. You must have 5-6 years’ work experience in a similar role including a solid understanding ISO2700x, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX, etc.
  • Evaluation of compliance with programs and processes to mitigate Cybersecurity risk and ensure protection of company and allied assets and information.
  • Implement and maintain Governance, Risk and Compliance (GRC) processes.
  • Perform security and compliance assessments on new and existing systems, processes, technology.
  • Attend Disaster Recovery and Business Continuity planning sessions to understand integration with Information Security governance, risk and compliance elements.
  • Perform analysis and documentation of assigned business and technical processes.
  • Continuously learn about potential improvements to the security framework, methodology, standards, and system of internal controls.
  • Gather and evaluate information, including to support Auditors, Regulators, and Compliance Partners.
  • Perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance.
  • Identification of control deficiencies in the design and operating effectiveness of Information Security controls
  • Participate in the establishment and implementation of Information Security Audit and Assurance Planning and Scheduling.
  • Conduct formal Information Security risk analyses, reviews, tests, audits and/or self-assessments.
  • Work with relevant stakeholders to close out on audit findings and identified risks.
  • Participate in IT controls and compliance testing activities and/or audits.
  • Perform technical configuration of industry leading GRC tools through skills acquired on-the-job and specialist course offerings.
  • Ensure Cybersecurity policies and procedures are communicated to all personnel and that compliance is enforced.
  • Support operation and administration of systems for Information Security and IT.
  • Report on Information Security risks as and when required.
Qualifications –
  • Bachelor’s Degree in Computer Science, Information Technology or related and/or equivalent.
  • Information Security related training or Certifications such as CISSP, CISM, CISA or CRISC.
Experience/Skills –
  • At least 5-6 years’ experience in a similar position (IT Security, Risk Management or GRC), progressing through other career levels.
  • Experience dealing with relevant stakeholders, managing expectations in the pursuit of improved Information Security.
  • Working experience as a Business Analyst or a keen interest in business operations.
  • Experience with common industry guidelines (such as CIS).
  • Sound knowledge of Information Security Risk Management frameworks and compliance practices.
  • Knowledge of securing network technologies, client, and server operating systems.
  • Knowledge of security standards and guidelines based on best practices and industry standards.
  • Interpersonal, communication, and presentation skills, including formal report writing skills.
  • Understanding of common security standards and regulations, as well as Cybersecurity frameworks (e.g., ISO2700x, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX, etc.).
  • Proficiency with Microsoft Office (e.g., Outlook, Word, Excel, PowerPoint, etc.).
  • Ability to manage and prioritize tasks and activities.
  • Can quickly learn and work with technologies related to governance, risk, and compliance.
  • Consistently delivers quality work products.
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders. 
  • Able to work under pressure while maintaining a professional image and approach.