Job Purpose

• The Specialist: Cyber Security is responsible for establishing and enforcing information security to protect the computer infrastructure, networks and data against cyber-attacks and internal threats. The position will achieve this by co-ordinating security services from service providers and act as the primary integration layer into the company; the key functional themes are Cyber Security Services, Service Providers, SLA Management.
• The primary functions of this position include validating the effectiveness of existing security measures and developing an overall strategy to ensure the long-term information security efficiency and regulatory compliance. Maintain high performing service support functions as per the Service Level Agreement. The job duties include establishing IT security policies and procedures, managing vulnerabilities, managing the security operations centre service, effective incident management, regulating access to information and training staff on proper use of information systems. Monitoring infrastructure, devices and systems for security gaps, design effective solutions and provide reports to management and executive staff.

Principal Accountabilities

• Contribute to the design of the IT Divisional Strategy and ensure strategies are implemented and integrated within areas of responsibility
• Design/ Contribute to the IT Department Strategy taking into account specialist expertise, best practice, benchmarking and market standards etc.
• Determines policies, processes, action plans and systems to support implementation of the strategy
• Identify and drive initiatives to support profitability and cost containment in department and division
• Manage and control budget in area of responsibility
• Manage the built-in security systems to software, hardware and components
• Develop strategies for software systems, networks, data centers and hardware
• Understand the QA software and hardware for security vulnerabilities and risks
• Identify initiatives in alignment with business requirements and strategic objectives
• Analyse cost drivers and embark on cost containment initiatives in order to maximise the benefits realisation of organisational design and reporting
• Manage services providers according to their service level agreement to ensure budget compliance and reduce risks for the Airline Operational
• Utilises and optimises resources in area of responsibility
• Optimise technology to enhance internal and external customer expectations
• Ensure all processes implemented to deliver customer value
• Drive customer centricity within areas of control
• Establish and manage effective internal and external stakeholder relationships through appropriate relationship building and networking
• Enforce Governance and Risk Management policies, processes and systems
• Deliver on regular and timeous reporting of information to key stakeholders
• Drive continuous optimisation programmes and initiatives
• Engage in trend analysis, benchmarking, research, best practice to support optimisation of department/ division
• Manages programmes and projects to contribute to the optimisation of the department/ division
• Develops and implements information security standards, guidelines, and procedures
• Safeguards information system assets by identifying and solving potential and actual security problems
• Protects system by defining access privileges, control structures, and resources
• Recognises problems by identifying abnormalities; reporting violations
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements
• Determines security violations and inefficiencies by conducting periodic audits
• Upgrades system by implementing and maintaining security controls
• Keeps users informed by preparing performance reports; communicating system status
• Maintains quality service by following organisation standards
• Maintains technical knowledge by attending educational workshops; reviewing publications
• Contributes to team effort by accomplishing related results as needed
• Configure anti-virus systems and consoles People
• Actively supports and adheres to people processes and plans to deliver on divisional objectives
• Provides direction, mentoring and coaching to team members to maximise productivity and development
• Drives and implements change initiatives with the vision and strategic direction of the airline Lives and role models the airline’s Values

Qualifications & Experience

• Bachelor’s degree in IT Security at NQF level 7 is essential
• Relevant postgraduate qualification will be an advantage
• One or more these industry IT Security and or Cybersecurity Certifications: CISM, CISA, CISSP-ISSEP, CISSP-ISSAP, ISO2-001 Lead Implementer
• ITIL certification will be an advantage
• 3 – 5 years’ experience in IT Security Service Management
• Experience developing departmental policies, procedures, standards and guidelines
• Cyber operations management experience and responsibility leading cyber programmes

Knowledge and Skills

• Experience with security programme that assesses current security posture and recommends effective policies and strategies for long-term protection of the IT assets
• Experience in dealing with cyber-security incidents, vulnerabilities management and overall security strategies
• In-depth understanding of experience in overseeing cyber-security threats, penetration tests and other vulnerabilities including managing the mitigation responses
• Enforcement with all service providers to ensure all infrastructure, network components, applications and devices are properly configured and protected from cyber threats
• Experience with information security standards and regulations
• Latest security and technology developments
• In-depth knowledge of architecture, engineering and operations of enterprise SIEM platforms and SOCs
• Demonstrated experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing
• Excellent knowledge of information security alerts, threat trends, intrusion analysis, malware, anomalous behaviour, forensic research and incident response protocols
• Knowledge of basic system administration and operating system hardening techniques
• System administration
• Network security
• Problem solving skills
• Information security policies
• On-call network troubleshooting
• Firewall administration
• Network protocols
• Routers, hubs, and switches
• Informing others
• Process improvement
• Resource utilisation
• Strong service management leadership skills and ability to work effectively with all IT functions and service providers
• Strong analytical, project management and team-oriented interpersonal skills
• Proven ability to work under pressure in emergencies and communicate security-related concepts to technical and non-technical staff

Attributes

• Leads crucial conversations
• Coaches and mentors
• Leads projects
• Facilitates transformation and change
• Drives innovation
• Implements and aligns to vision
• Delivers value
• Leverages team diversity
• Role models behaviours and values