Information Security Specialist (Ref: TDBISS)

Position in the Information Technology sector in Cape Town - Western Cape
Posted On Friday 13 November 2020
Job Description:

My client is a leading fintech company and they have an exciting opportunity available for an Information Security Specialist to join their team in Cape Town.


Main job function

The Information Security Specialist supports the Information Security Officer in implementing the information security programme and to improve, maintain and assess security measures across the business.


Reporting directly to the Information Security Officer, this role is to ensure security controls are implemented and managed across production application stack and infrastructure to improve the overall security posture while maintaining the security integrity of the brand.


As Information Security Specialist, you will function as a technical advisor and analyst to interrogate tech across the company as well as implement security measures, drive compliance, improve security hygiene and resolve issues by responding to IT threats and vulnerabilities. You will maintain controls to protect unauthorized access, disclosure, modification, and deletion of information, resources and networks. You have an eye for detail and are always looking to improve overall security position. This includes conducting routine security risk analysis, balancing business needs against best practice, monitoring vulnerabilities and record and mitigate risk.


This role suits a technically inclined individual who enjoys interacting with people and is self-driven with interest in automation and integration. This is a combination role of both engineering and analysis with a foot in architecture.


      Grade 12 or equivalent (Essential)

      Tertiary qualification in Computer Science or related field (Essential)

      Recognised industry Certifications such as CISSP, ISSAP, CISM, ISO 27001, OSCP, CEH


5+ years’ experience in IT systems security (Essential)

• Experience in IT Operations, DevOps or DevSecOps (Desirable)

• Banking/Fintech background (Desirable)

• Knowledge of IT systems and network security

• Knowledge of Cloud Platform security

• Knowledge of Container and Software security

• Knowledge of vulnerability scanners, Anti-malware, EDR, etc

• Knowledge of Frameworks such as ISO27001, BSIMM, MITRE, CIS20, OWASP, etc

• Knowledge of Industry standards such as PCI, POPIA, EBA, etc


Duties and Responsibilities (include but are not limited to):

• Security Architecture

• Review current security controls and recommend and implement improvements

• Ensure security tooling is implemented, maintained, and uplifted

• Create and maintain technical security standards and procedures

• Testing and evaluation of security tools and services

• Build monitoring and alerting capabilities to proactively monitor for security breaches and threats

• Integrate security tools into the existing environment

• To conduct IT security audits across the business

• Conduct penetration testing, running scans, simulating attacks on the systems to find exploitable weaknesses

• Identify potential areas of risk that need to be addressed

• Develop and implement SOPs where required

• Maintain effective access controls across the business

• Security Monitoring and response

• Investigate security breaches, including root cause investigations

• Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage

• To mitigate future IT security risk

• Maintain current knowledge of cyber security incidents and trends

• Keep up to date with the latest industry trends, tools, and standards

• Research new technologies and approaches in order to ensure best practice is applied

• Identify innovative approaches to ensure world-class security measures are in place

• To compile monthly reports on IT security management

• To manage own professional and self-development


A Consultant will be in touch if you are shortlisted for the position.  Please consider your application unsuccessful should you not have been contacted within 2 weeks.  We will keep your CV on our database and contact you should you match the criteria of any other vacancies.

Please contact Tamrin de Beer