Specialist: Data & Identity Security
Centurion, Gauteng, ZA
The Road Accident Fund’s mission is to provide appropriate cover to all road users within the borders of South Africa; to rehabilitate and compensate persons injured as a result of motor vehicle accidents in a timely and caring manner; and to actively promote safe use of our roads.
Purpose of the Job: Reporting to the Manager: Cyber Security Operations, the successful incumbent is responsible for establishing and maintaining confidentiality, integrity and availability of data as well as to enforce security within the ICT and business.
Key Performance Areas
Policy review and implementation
- Contribute to the development and implementation of departmental policy, standards & procedures and processes.
- Keep up to date with effective policy and practice execution strategies.
Incident response and remediation management
- Maintain the Confidentiality, Integrity and Availability of the RAF Information contained within systems and applications.
- Ensure security incidents/requests are recorded in the RAF incident management system.
- Respond and remediate incidents and requests within the statutory time periods.
- Conduct Investigation, analysis and review following any security breach/incident.
- Assist in defining and implementing the RAF’s processes to record the security incident details.
- Investigate incidents as requested.
- Detailed analysis of the incident and suggest corrective actions.
- Compile reports around the breach/incident.
- Implement corrective actions where approved.
- Maintain detailed records of breach/incident using agreed procedures.
Design and develop security controls across RAF systems and networks
- Design and develop ICT system and network security controls in accordance with RAF approved architecture framework and industry best practice.
- Document and maintain all security controls as per RAF governance.
- Obtain management approval in terms of security controls and architecture.
- Conduct technical evaluations in ICT systems and networks in order to identify weakness.
- Prepare recommendations for appropriate control improvement and/or the introduction of new controls.
Reporting
- Ensure all requests and changes are correctly authorised before implementation.
- Ensure that the implementation of controls follow the RAF change control procedure.
- Identify potential security violations prior to and post implementation of controls.
- Implement and maintain ICT security solutions to ensure that systems and networks are protected against security threats and vulnerabilities.
- Design, implement and maintain process and procedures to ensure that security solutions under the area of control are always functioning correctly.
Stakeholder management
- Facilitate and manage communication with relevant internal and external stakeholders in relation to ICT Security related matters and proactively and progressively manage the relationships.
- Provide guidance and support to respective IT operational staff on systems security processes, policies and security controls.
- Manage relationships with service providers or procurement teams and ensure that all relevant procured items are invoiced and paid on time.
Qualifications and Experience
- Bachelor’s Degree/Advanced Diploma in an Information Technology related qualification.
- IT Security Certification (Security+ or CISSP or CISM).
- ITIL Certification.
- Relevant 5-7 years’ experience in an ICT Security environment with speciality in identity and Access Management.
Technical and Behavioral Competencies Required
- Resilience
- Communication
- Working with People
- Network and Alliances
- Planning, Organising and Coordinating
- Employee Engagement
- Personal Mastery
- Judgement and Decision Making
- Ethics and Values
- Client Service Orientation
- Change management
- Conflict management
- Critical and innovative thinking
- Facilitation and presentation skills
- Policy conceptualisation and formulation
- Risk Management
- Programme/project management
- Service Delivery Innovation
- Stakeholder development and relations
- Reporting
- Knowledge IS Security Risk Analysis Methods, Tools and Techniques pertaining to SAP security.
- Risk assessment skills.
- Microsoft Office Product Suite - Is able to efficiently utilise the various MS Office .Product range such as ,MS Outlook, MS Excel, MS Word and MS PowerPoint.
- Operating system Security (MS, UNIX, Linux etc.)
- Data Security.
- Planning and organising skills.
- Reporting and presenting skills.
The Road Accident Fund subscribes to the principles of employment equity and preference will be given to People with Disabilities.
Applicants who have not received any correspondence from us within six weeks from the closing date can consider themselves unsuccessful
Security Vetting shall be conducted on all prospective employees
It is the applicants’ responsibility to have foreign qualification evaluated by the South African Qualification Authority (SAQA) and to provide proof of such evaluation.