To provide information security services to clients including risk management, compliance services, incident
management and security development services.
Key Responsibility Areas
- Consult, conduct and develop Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP);
- Present training and security awareness and be able to facilitate courses, assess learners and moderate
- Monitor the application of policies for the preventive, detective and corrective measures, especially
up-to-date security patches and virus control, to protect information systems and technology from malware –
viruses, worms, spyware, spam, internally developed fraudulent software, etc., and report on any deviations;
- Monitor the application of policy that ensures that security techniques and related management procedures,
e.g. firewalls, security appliances, network segmentation and intrusion detection, are used to authorise
access and control information flow from and to networks, and report on any deviations;
- Monitor execution of risk and security action plans and report on any deviations;
- Perform security monitoring and periodic testing and reporting for identified security weaknesses or
incidents;
- Maintain and monitor a logging function that enables the early detection of unusual or abnormal activities
that may need to be addressed;
- Monitor sensitive transaction data exchanged to ensure that this takes place only over a trusted path or
medium with control to provide authenticity of content, proof of submission, proof of receipt, and
non-repudiation of origin, and report on any deviations;
- Identify and document characteristics of existing and possible new potential security incidents and define
impact levels;
- Conduct vulnerability compliance assessments and log calls for security incidents; and
- Recommend corrective action for identified security weaknesses or incidents.
Qualifications and Experience
Minimum: 3-year National Diploma in Computer Science or Information Technology or Network Management or a
relevant discipline NQF level 6 qualification.
Experience: 3 to 5 years of Information and Communication Technology (ICT) Infrastructure or Information Security
(IS) or application life cycle management experience, which should include the following: working knowledge of
information technology security risk management; exposure to enterprise architecture frameworks (e.g. TOGAF,
GWEA, MIOS); knowledge of governance processes and standards (e.g. ISO 27001/27002, COBIT, ITIL); exposure to
information system security technical standards (e.g. SSL certificates, anti-virus protection, etc.); experienced in
(e.g. Service Management, Converge Communication, Risk Management, Information Technology, Applications, etc.).
Technical Competencies Description
Knowledge of: Working knowledge of client business environment; Exposure to enterprise architecture frameworks
(TOGAF; Zachman; FEAF; MODAF; GWEA Framework; MIOS); Knowledge of governance processes and standards
(ISO 9001; ISO 27001/27002; ISO 12207 (SDLC); ISO 42010; COBIT; ITIL; UML); Exposure to information system
security technical standards (e.g. PKI, IAM, Cryptography); Detailed knowledge of the SOPs of the area/discipline
the jobholder works in (HR, Finance, IT, etc.) as well as how to apply them.
Skills: Team leadership skills; Analytical skills; Project management skills; Security developer; security
Other Special Requirements
Valid driving licence and own transportation.
How to apply
Internal candidates must apply using this email address: Julia.firstname.lastname@example.org
External candidates must apply using this email address: Mprecruitment@sita.co.za
Closing Date: 09 July 2021