IT Cyber Security and IAM (Identity & Access Management) Technical Analyst

 

APPLY HERE

Maintains, configures and troubleshoots cyber security systems.

Responsible for overseeing and administering the user access process and controls in critical company networks, applications and security. This role monitor computer networks for data security issues. Investigate security breaches and other cyber security incidents. Install security measures and operate software to protect systems and information infrastructure, including Data Loss Prevention (DLP) and data protection program. Responsible for access control pertaining to “Joiner, Mover Leaver” processes. Ensures that only authorised individuals have access to IT assets based on clearance levels. The role is also required to implement controls, conduct security awareness training, research new security tools and best practices and direct IT teams on how best to protect corporate information assets.

1. Manage and co-ordinate the deployment of all cyber-security training and awareness

2. Support the access management process

3. Track and monitor SOD conflicts and any inappropriate use of IT systems. Escalate immediately where required

4. Work with HR to implement, track and monitor all changes required as a result of “Joiner, Mover, Leaver” requirements

5. Research, design, evaluate and implement security controls associated with company’s architecture standards

6. Document network, system, and application user access control procedures and update policies and processes as required

7. Central point for all IT systems access requests for services or information

8. Validate legitimacy of requests; ensure proper approvals and execute per the access policies, regulations and procedures

9. Develop and maintain user access application inventory

10. Distribute access control reports to support periodic reviews and develop and implement regular access control process improvements

11. Provide required Management Information Reports such as daily, weekly, monthly system health checks and reporting on DLP system and support reporting requirements on VPN, Firewall and Proxy.

12. Work with business stakeholders and participate in company projects to ensure that on-boarding of new applications, along with new user roles and permissions when needed.

13. Cyber Security Technical responsibilities: Implement approved configuration/rule changes for DLP, and provide support for VPN, firewall and proxy where needed.

14. Work closely with the Security Operations Centre (SOC) to analyse threat intelligence and technical analysis on the network and applications layer to identify irregular activity

15. Conduct Cyber Incident Exercises to test preparedness and respond to actual P1, P2 and P3 Events and Alerts

16. Support regular audits to ensure security practices are compliant

17. Support the Deployment of endpoint detection and prevention tools to thwart malicious hacks, set up patch management systems to update applications automatically and update/upgrade security systems as needed

18. Implement comprehensive vulnerability management systems and perform vulnerability testing, risk analyses and security assessments

19. Conduct risk assessment to capture security exceptions and design associated controls

Professional Qualification and Certifications:

1. Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.

2. Certification in risk, information systems and/or security desired

Work Experience: 

1. 5+ years of experience in IT security, Identity and Access Management (IAM), DLP experience, Cloud Security and Governance.

Knowledge and skills:

Knowledge of IT infrastructure, especially networks, server. Desktop and DLP applications. 

Knowledge of Third-party Risk management. Conducting Risk assessment and Cloud assurance. 

Experience in security management, security and network architecture and/or design

Experience in implementing and maintaining IT security processes

Experience in creating and reviewing IT security policies for compliance

Skills and knowledge in data privacy, best practices such as; defence in-depth, least privileges, need-to-know, separation of duties, access controls, encryption

Key Processes Supported:

This role supports to following critical Head Office processes:

Interpret cyber security and corporate risk, and governance frameworks

Develop applicable policies and standards

Monitoring and reporting

Ensuring policy compliance

Application deadline:

30 June 2023