We have a client based in Gautenglooking for ICT skilled resources on long term contracts. If you match the skills requirementskindly submit your CV to our portal on www.datacentrix.co.za or email to ehanekom@datacentrix.co.zaand zmabaso@datacentrix.co.za (please remember to add reference number next to your CV and name insubject line)The reference number willreflect in front of the function for example ISEC1, ISEC2, etc.
1) ISEC1 – Security Administration
Minimum requiredcertification:
CCNA Security, VA, Ethical Hacking
 
Perform ICT security operations to ensure the availability, accessibility and utilization ofInformation Security infrastructure in line with COMPANY business needs in line with legislativerequirements and code of good practices for Information Security Administrators
mplement operational changes to the ICT InformationSecurity infrastructure and applications to ensure proper compliance with releaseauthorization.
hreatevaluation
versee back officeadministration to ensure proper monitoring and administration according to business needs and ICTbest practice standards to ensure availability and accessibility of ICT Information Securityinfrastructure and services in accordance with Service Level Agreements.
onitor and report on non-complianceincidents
aintain the properconfiguration of the Information Security Infrastructure to ensure availability and accessibility ofICT infrastructure in accordance with Service Level Agreements.
rovide specialized technical analysis and support toensure effective internal and external services.
mplement ICT Information Security infrastructure and applications related to therelevant disciplines as and when required by the ICT Infrastructure Projects team to ensure theavailability, accessibility and utilization of infrastructure in line with COMPANY businessneeds
ontribute to ICTInformation Security Infrastructure projects where required to ensure the required quality of outputwithin time, costs and given constraints.
nsure a code of good practice in accordance with legislative requirements andInformation Security good practices.
dherence to all SHEQ requirements & standards.
articipate as part of ICT Infrastructure Operations team in the reviewand development of ICT standards and procedures and best practices required to ensure theavailability, accessibility and utilization of infrastructure in line with COMPANY businessneeds.
 
2) ISEC2 –Enterprise Security Architecture
 
Minimum requiredcertification:
SABSA, CISSP or CISM, CISA
Provide enterprise and solutions architecture services relating to the Information and CyberSecurity.
Provide regulatory,legislative and statutory expertise with regards to ICT, Privacy and Information Security
Develop/ revise and implement InformationSecurity Strategy in alignment with corporate plan, ICT Strategy and the relevantroadmaps
Develop/ revise andimplement Enterprise Security Architecture and incorporate into Enterprise Architecture GovernanceFramework
Provide EnterpriseSecurity Architecture and Security Solution Architecture Consulting and Advisory Services
Support various governance committees/forums (if required)
PerformSecurity Architecture and Design reviews
Ensure alignment with industry standards, norms and best practice
 
3) ISEC3 – Information Security SolutionArchitecture
 
Minimum requiredcertification:
SABSA, CISSP or CISM, CISA
Provide security solutions architecture services relating to the Information and CyberSecurity.
Develop a roadmap forsecurity technologies in support of the ICT Strategy, Information Security Strategy and EnterpriseSecurity Architecture
Provideexpertise around new and emerging Information Security technologies that can add value to thebusiness
Support the translationof business and ICT requirements and/or objectives into sustainable Information Securitycapabilities and requirements
Define the requirements and complete solution design needed to implement the proposedsecurity capabilities/ systems
Provide Security Solution Architecture Consulting and Advisory Services
Support the integration with, enablement andadoption of security capabilities within the business (technical and business level)
Support initiatives to redefine current andfuture state of information security architecture and capabilities
Develop relevant architecture artefacts andtemplates that can support reuse/ integration of multiple solutions
Ensure alignment with industry standards, norms andbest practice
 
4) ISEC4 –Information Security Specialist
 
Minimum requiredcertification:
CISSP / CISM
 
Provideinformation security expertise
Defining and developing guidelines, policies, standards, process and procedures forinformation security standards
Provide Security Consulting and Advisory Services
Definition, monitoring and/or critical evaluation of informationsecurity policies, capabilities and controls
Ensuring that operations, initiatives and/or projects do not compromiseinformation security
Identifythreats, risks and/ or vulnerabilities, support solutions design and capability implementation of ISEnterprise Architecture.
Providing guidelines for intrusion prevention and detection mechanisms, configuration,controls and/or requirements which would safeguard against hacker vulnerability, unauthorized useraccess
Promote user awareness ofinformation security requirements and practices.
Communicating and making information security policies, standards and proceduresavailable.
Provide expertise ina particular Information Security domain in order to support architecture, design, configuration andoperations of capabilities or services within this domain
Provide input and support technical staff in achieving compliance withCOMPANY policies and standards. Support the application of or implementation of information securityrequirements and/or controls
 
5) ISEC5 – Infrastructure Security Specialist (MS, Oracle, Novell, Linux, Firewalls,PeopleSoft etc.)
 
Minimum requiredcertification:
CISSP / CISM
Relevanttechnical security certifications would be advantageous
 
Subject matter expert and responsible for monitoring a broad range of ICT and informationsecurity infrastructure and coordinating investigation and reporting of securityincidents.
Work closely andcollaboratively with all infrastructure administrators, vendors and/or service providers
Provide Security Consulting and AdvisoryServices specifically related to Infrastructure Security
Information Security compliance Monitoring and administration of ICTservices according to the IS Governance framework in order to ensure data is protected against cybercriminals
Monitor and runcompliance and vulnerability assessments, as well as support and drive intrusion detection andprevention activities.
Assistsystem administrators and database administrators in implementing IS standards, controls andrequirements, as well as the remediation of non-compliances or vulnerabilities
Provide information security reports to managementand support staff
Ensuresecurity incidents and risks are dealt with quickly and efficiently. Monitor and provide reportingrelated to these risks
Assist indesigning acceptable compensating controls where standards cannot be implemented
 
 
6) ISEC6 – Information Security Strategy, Governance andCompliance Consultant
 
Minimum requiredcertification:
CISSP / CISM
ISO27001experience
Relevant technicalsecurity certifications would be advantageous
 
Responsible for providing expertise with regards to information security strategy, ISgovernance (policies, standards, processes, procedures) and compliance (the measurement of andcapabilities to measure)
Provideexpertise for the development and/ revision and implement of the Information Security Strategy inalignment with Corporate plan, ICT Strategy and the relevant roadmaps
Assess, evaluate, improve and monitor the level ofimplementation and/or compliance with the information security policy framework
Provide expertise in order to ensure that COMPANYkeep abreast of new information security requirements, threats and trends, and to advise the CISO onthe effective and efficient improvements required to the information security governance (policyframework)
Expertise in thedefinition and implementation of security compliance processes (manage-to-green approach)
Identify instances of policy non-complianceand support the resolution or mitigation around these
Developing comprehensive corrective action plans and leading anddirecting projects to implement them.
Provide regulatory, legislative and statutory expertise with regards to ICT, Privacy andInformation Security
 
 
 
7) ISEC7 – InformationSecurity Analyst
 
Minimum requiredcertification:
CISSP / CISM
Relevanttechnical security certifications would be advantageous
 
Responsible for the monitoring of security and reporting
Monitor security controls and systems as well as thesecurity of infrastructure (incl. applications, servers, web servers, databases and network) andreport and/or manage anomalies in order to effectively reduce the level of IS risk.
Follow incident management processes toreport analysed anomalies
Provide management reporting related to monitored services
Ability to analyse events and advise on informationsecurity issues and/or incidents
Ability to support investigations
Support Security Incident response and crisis management services
 
 
8) ISEC8 – Security Awareness and TrainingSpecialist
 
Minimum requiredcertification:
CISSP / CISM
Relevanttechnical security certifications would be advantageous
 
Responsible for the development, implementation, support and maintenance of the InformationSecurity Training and Awareness program for a variety of audiences
Develop and/or review Information Security Trainingand Awareness Programme
Managesecurity awareness and training activities in accordance with agreed programme.
Facilitate and/or provider agreed upon training andawareness interventions
Partnerwith managers to analyse and determine training and awareness needs
Design, develop and provide training materials andawareness content
Designmeasurement capabilities/ indicators in order to measure the effectiveness of information securitytraining and awareness activities
 
9) ISEC9 – ISO 2700x Security Specialist
 
Minimum required certification:
CISSP / CISM
ISO 27001 Lead Auditor Certification would be advantageous
 
Responsible for both SME support, as well as thematurity assessment of ISO 2700x standards, in particular ISO 27001 and ISO 27002
Provide expertise and guidance with regardsto the implementation of an Information Security Management System (ISMS) within COMPANY
Support the planning, design andimplementation of required ISO controls
Provide an independent assessment of maturity against ISO 27001 and ISO 27002
 
10) ISEC10 – CertifiedEthical Hacker
 
Minimum requiredcertification:
CISSP / CISM
CEH
Responsible forsecurity testing, including penetration testing and code reviews where necessary
Perform complex security related testing, creatingtest cases, performing manual and automated tests, reporting on problems encountered and documentingtest results for follow-up.
Analyse security test results, draw conclusions from results and develop targeted testing asdeemed necessary.
Proven abilityto communicate technical issues to technical and non-technical business arearepresentatives.
Analyzeoperational IT processes to identify systemic risk issues
Develop processes and implement tools and techniques to perform ongoingsecurity assessments of the environment
Implement tools and techniques to identify and prevent unauthorized IT assetdeployments
 
11) ISEC11 –Digital and/or Cyber Forensics and investigations
 
Minimum required certification:
CISSP / CISM / CCFP
CHFI would be advantageous
 
Responsible for digital, computer and/or cyber forensics, as well asinvestigations into incidents and/or cybercrimes
Provide digital forensics capabilities, including (but not limited to) thefollowing:
•find, recoverand copy data from disks that may have been hidden, encrypted or damaged
•reveal digital images that have been alteredto mask the identity of a place or person
•analyse mobile phone records to trace devices to a particular location
•follow electronic datatrails
•supportinvestigations, and be able to provide digital evidence
Document each stage of an investigation
Present technical findings to managers, lawenforcement organisations and clients
 
12) ISEC12 – Threat and Vulnerability ManagementSpecialist
 
Minimum requiredcertification:
CISSP / CISM
 
Responsible foraddressing threat and vulnerability management, secure configuration management and patch managementfor the organisation as a whole
Perform internal and external vulnerability scanning and web applicationscanning.
Discover, categorize,and analyze vulnerabilities, recommend/develop remediation or mitigation strategies, and escalatethe security issue to the appropriate internal department.
Produce and submit deliverable reports on a periodic and as directedbasis.
Coordinate with alltechnical leads and/or managers of all operating units and/or support functions.
Assist with the design of controls to meetcompliance requirements
Researching current and emerging threats, malware analysis, campaign assessment, datacollection and analysis
Researching threat actors and cultivating and assessing new sources of threat informationand intelligence.
Collecting,assessing, and cataloguing threat indicators and responsibility for adding context to threatindicators to convey urgency, severity, and credibility
Risk management
Maintaining knowledge of threat landscape
Tracking cyber threat actors and their infrastructure with a view todisrupting their activity.
Collaborating with appropriate business partners and lines of business to analysethreats.
Escalating issues tomanagement in a timely manner with appropriate information regarding risk and impact
Participate in and facilitate theidentification, mitigation and containment of cyber-security incidents