• Login Name       Password       Remember me       LOGIN LOGIN    FORGOT PASSWORD
  • REGISTER

 LOGIN WITH
 
 
 
 
 EMPLOYERS
 
 
 
 
 
 NEWSLETTER
 
 
 
 
 FOLLOW US

Test Specialist: IT Security Controls Assurance

Job Ref
272241
Job Type
Permanent
Employer Type
Company
Date Added 8 May 2017
Expiry Date 5 Jun 2017
* There have been 23 applications to this job.
* This job has been viewed 4692 times.
Employer:
Standard Bank

Location:
Gauteng

Salary:
Market related

Benefits:


Role details:
Job purpose description
Responsible for the design of IT security controls tests to evaluate their effectiveness in mitigating business risks; Automating test programmes with appropriate tools; Collecting test results for analysis; Monitoring test performance; Management of the testing processes and infrastructure.
- - - - - - - - - - - - - -
Key Responsibilities

Output group 1- Provide Test Specialist Expertise

Outputs and measures-
• Plan IT security controls testing strategies with business units
• Design and develop IT security controls tests in accordance with agreed controls performance requirements in three categories
o Test for IT security controls implementation
o Test for IT security controls design effectiveness
o Test for IT security controls operating effectiveness
• Design test plans, test scenarios for misuse/abuse cases, and testing procedures
• Create test scripts for interfacing to target business and IT systems
• Develop, install and maintain interfaces into operational controls within business systems and ancillary/support systems to test the IT security controls
• Automate IT security controls tests using appropriate tools and software

Output group 2- Provide technical capability

Outputs and measures -
• Create, implement and maintain controls test processes and infrastructure.
• Monitor and manage IT security controls changes
• Optimise IT security controls tests
• Monitor IT security controls tests and provide quality assurance on test effectiveness
• Provide training and technical advice on testing requirements throughout SDLC

Output group 3-
Provide relationship management capabilities

Outputs and measures -
• Provide IT controls test result data to data specialists for analysis and modelling
• Build and maintain relationships with DevOps function; Security Engineering; Penetration Testing Teams; Vulnerability Management; Ops Control.
• Co-ordinate and Collaborate with Ops Control on IT Control assessments
• Assist Penetration Testing; Vulnerability Reviews and Source Code Reviews
• Provide feedback on IT security controls testing to IT security management
• Assist in root cause analysis
• Support operational risk management efforts

Qualifications
Formal minimum qualification 1-
Type of qualification: First Degree
Field of study: IT and Computer Sciences

Formal minimum qualification 2
Type of qualification: Diploma
Field of study: IT and Computer Sciences

Minimum qualification 3
Type of qualification: International Certificate
Field of study: Security Management

Other qualifications, certifications or professional memberships
CISSP, SABSA F1/F2, IT Programming Qualification, Informatics Qualification

Experience required 1
Job Function: Information Technology
Job Family: Application Development and Support
Years: 3-4 Years
Experience Description: Applied knowledge and experience in development of applications and databases. Knowledge of design techniques and tools

Experience required 2
Job Function: Information Technology
Job Analysis and Design
Years: 3-4 Years
Experience Description: Detailed technical knowledge of designing and configuring test applications, scripts and interfaces

Experience required 3:
Job Function: Information Technology
Job Family: Information Services
Years: 1-2 Years
Experience Description: Experience in manipulation of data for reporting and intelligence capabilities. Knowledge of databases design and management

Behavioural Competencies

Behavioural competency 1
Competency Label: Examining Information
Competency Description: This competency serves to aid effective problem solving and requires being effective at probing and analysing situations efficiently and accurately. This competency is important because without sufficient analysis, effective solutions become less probable. In addition, poor analysis makes it more likely that individuals become confused and anxious, bored, error prone or overwhelmed by detail, which also impacts negatively on successful problem solving.

Behavioural competency 2
Competency Label: Adopting Practical Approaches
Competency Description: Adopting practical solutions with an emphasis on learning by doing. This competency requires individuals to utilise common sense when required. Ultimately, this competency is important in order to ensure that organisations implement feasible solutions.

Behavioural competency 3
Competency Label: Exploring Possibilities
Competency Description: Exploring possibilities is about individuals being effective at displaying behaviours associated with different situations or problems. Individuals are required to look at a problem and define it in an abstract manner. “Unpacking” a problem in terms of its underlying principles and basing the problem on sound theory typically allows for deeper insight into the true nature of the problem. This makes the nature of the problem more complete, more meaningful and therefore longer term sustainable solutions more likely.

Behavioural competency 4
Competency Label: Interpreting Data
Competency Description: This competency is about interpreting data accurately with an emphasis on the processing and interpretation of numbers. This competency also includes the utilisation of technology.

Behavioural competency 5
Competency Label: Articulating Information
Competency Description: This competency is about effectively expressing ideas and concerns, giving presentations, explaining things to others as well as showing confidence in the interaction with other people, both strangers and acquaintances alike.

Behavioural competency 6
Competency Label: Producing Outputs
Competency Description: This competency is about ensuring that tasks are completed within the given time-frame. Behaviours that are emphasised in this competency include working at a fast pace, maintaining productivity and multi-tasking.

Behavioural competency 7
Competency Label: Generating Ideas
Competency Description: The greater the number of alternative ideas or solutions generated, the greater the probability of finding a good solution. This competency is about how fluent an individual is at generating ideas, the number of ideas they generate and how confident they are in their ability to generate unusual ideas or favour radical solutions. This is further enhanced by the extent to which an individual enjoys the creative process.

Technical Competencies

Technical competency 1
Competency Label: Testing
Competency Description: The planning, design, management, execution and reporting of tests, using appropriate testing tools and techniques and conforming to agreed standards, to ensure that new and amended systems, together with any interfaces, perform as specified
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others

Technical competency 2
Competency Label IT Development
Competency Description: The ability to write use and configure applications to provide technical solutions and software components based on technical specifications.
Proficiency Level: EXPERT - Provides leadership in this field both within the organisation and in the larger industry

Technical competency 3
Competency Label: Information Security
Competency Description: The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others

Technical competency 4
Competency Label: Structured Test Methods and Processes
Competency Description: Understands and applies the principles of structured testing and existing methodologies through the application of various types of test tools and relevant process modelling.
Proficiency Level: EXPERT - Provides leadership in this field both within the organisation and in the larger industry

Technical competency 5
Competency Label: Use of Build Automation
Competency Description: The ability to use script builders as well as other related automation like continuous integration, automated deployments, and static code analysis tools.
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others

Technical competency 6
Competency Label: Requirements Elicitation
Competency Description: Understanding of the practice of obtaining the requirements of a system from users, customers and other stakeholders and the ability to identify the different elicitation techniques and when to use them.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required

Technical competency 7
Competency Label:
Awareness of the Software Development Life Cycle (SDLC)
Competency Description Knowledge and understanding of the standards and phases of implementing new systems or software.
Proficiency Level: ADVANCED - Mastered the concept, able to act independently, provides guidance and training to others

Leadership Competencies (for jobs in Levels of Work 3 to 7)
Leadership Competency 1
Competency Label: Seeking Deeper Understanding
Competency Description: Is actively curious, seeking a deeper, broader and more objective understanding, upon which to base commercial acumen, strategic decisions and actions.
Proficiency Level Description: 1 Seeks to understand the organisation; Gathers input on internal perspectives to move forward. Tries to understand how and why things happen in the Bank and how to influence within the Bank. Proactively seeks this information.

Leadership Competency 2
Competency Label: Driving Delivery of Results
Competency Description: Proactively identifies business opportunities or barriers to business performance and addresses them. Takes accountability for improving the business. Demonstrates a sense of urgency around the achievement of stretching business goals.
Proficiency Level Description: 4 Works towards a strategic business opportunity; Identifies and implements a business opportunity that will have a long term impact on the business (which may include the organisation's reputation or brand image). Makes decisions, sets priorities, or chooses goals on the basis of inputs and outputs: makes explicit considerations of potential profit, return on investment, or cost benefit analysis. Based on the cost benefit analysis, makes decisions of entrepreneurial risk nature.

Leadership Competency 3
Competency Label: Inspiring Performance for Execution
Competency Description: Enables and empowers the team to implement/execute a strategic vision or change for the better. Leads with passion and energy.
Proficiency Level Description: 4 Guides and drives execution; Enables the team to execute against the vision by providing clarity about roles, expectations and accountability. Continually communicates and reinforces the plan and recognises and rewards the team's contributions or progress towards the goal.

Leadership Competency 4
Competency Label: Influencing Others
Competency Description: Effectively and strategically influences across the organisation, based on previously established credibility and respect, as well as understanding the organisational dynamics, politics and interpersonal context.
Proficiency Level Description: 3 Tailors the strategic communications to the audience; Considers the thoughts, concerns, interests and personality of the audience when defining the influencing strategy. Adapts settings, words, presentation, use of third parties or experts when attempting to influence decision makers or stakeholders. Engages the audience at an emotional level based on genuine personal conviction.

Leadership Competency 5
Competency Label: Purposeful Collaboration
Competency Description: Understands and leverages the dependencies across the organisation and the impact of own actions on the rest of the organisation to create organisation alignment for decision-making and delivery of quality outcomes.
Proficiency Level Description: 3 Ensures cross-functional alignment to take action; Uses a clear, disciplined process to fearlessly work from purpose and principles to decisions. Takes decisions as a group considering the input gathered to ensure cross-functional alignment. Commits to the group decision, and owns and implements the decision

Indirect reports
Job Family: Infrastructure Management, Application Development and Support
Number: 1-10
Job Family: Business Partnering
Number: 10-50

Financial accountability
Type of Budget: Operational Budget
Size of Budget (ZAR equivalent): ZAR 10 000 000
Type of accountability: Contributes to budget management

Type of Budget: Project Budget
Size of Budget (ZAR equivalent): ZAR 100 000 000
Type of accountability: Contributes to budget management

Internal relationships
Business area: IT Security Operations
Job: Security Operations
Nature of relationship: Influence their service delivery
Sphere of influence: Impact the whole business line (PBB, IB or EF)
Description or examples: Introduction of new controls, correct operation of existing controls

Business area: IT Security Officers
Job: Security Officers
Nature of relationship: Influence their service delivery
Sphere of influence: Impact the whole business line (PBB, IB or EF)
Description or examples: Help ITSOs and CIOs understand the status of their operational cyber security controls and how to improve it

Business area: All business areas
Job: Channel and Product Owners
Nature of relationship: Influence their service delivery
Sphere of influence: Impact the whole Group
Description or examples: Encourage business management to intervene where cyber security controls become ineffective and improve control effectiveness

External Relationships:
Role type of external contact: Vendors
Nature of relationship: Influence their decision making
Description or examples: Work with vendors of major technologies we use as cyber security controls, to ensure adequate vendor support and resolution of vendor product / service issues

Accountability for problem solving
Degree of guidance received to solve problems:
Generally defined - general principles with guidance from top management
Description or examples: Understand the cyber risk and choose the appropriate control to manage it; ensure that said control is correctly implemented

Degree of original thought required to solve problems:
Uncharted - Development of new concepts or groundbreaking solutions
Description or examples: Create new ways to gather and present controls data

Accountability for planning of activities
Integration of functions that are similar

Description or examples: Co-ordinate activities for IT Security Controls data management across the group

Discretion allowed for decision making
Generally Directed - Policy objectives, management general direction

Description or examples: Understand the cyber risk and test that the appropriate control is in place to manage it; ensure that said control is correctly implemented

Work environment
Working Conditions 1: Night work may be required
Working Conditions 2: Rest of Africa travel may be required
Physical Requirements 1: Open plan office
Physical Requirements 2: No specific physical requirements



 
HOME|
INFO|