Specialist: Cyber Security Officer at Vodacom South Africa
Vodacom Johannesburg, Gauteng, South Africa
- The primary purpose of the role is to work within a team of Secure by Design and Security Architecture specialists, in collaboration with the Privacy and Business Risk Teams, to perform Secure by Design Assessments against Vodacom policies and standards. In performing this role you will:
- Identify potential cyber security risks for new products, services, and operations and identify controls to minimize, mitigate or remove those privacy and security risks.
- Review Design and implementation of the identified controls to ensure they are built into the product (at the Design & Build stages).
- Assure that privacy and security controls have been implemented before the product goes “live” and product complies with Vodacom/Vodafone Security requirements and applicable laws (at Test & Go-Live stages).
- Assess security and privacy risks arising from changes to existing live products that impact the processing of personal data (In-Life).
- Ensuring security and privacy risks are addressed when decommissioning these products (Decommissioning).
- You will also be required to drive the delivery of Cyber Security strategy and maturity improvement or risk reduction initiatives into the business unit(s) to which you will be assigned, and monitor progress against agreed targets to safeguard Vodacom Infrastructure and customer data from Cyber threat actors.
- This role will involve working with the Business unit, Cyber and IT stakeholders in Vodacom South Africa to drive out Cyber Security baseline requirements. Some of these responsibilities may extend to collaboration with Group Cyber Security and other operating companies to ensure that cyber security controls are consistently applied across markets.
Your Responsibilities Will Include
- Provide technology security assurance, guidance, and support to high-profile projects.
- Ensure security is embedded in IT systems and Network Infrastructure (Mobile, IS, and Enterprise) across the Vodacom Group.
- Defining, implementing, and efficiently maintaining technology security controls and requirements.
- Ensure timely delivery of technology security assurance and support for projects, products, and services.
- Ensure compliance with Legal and Regulatory requirements.
- Support Technology Security awareness programs and educational efforts within the business unit to which you are assigned.
- Provide accurate and timely reporting of technology security risks identified during Secure by Design assessments and project engagement, and propose remediation and mitigation options in line with policy and good practice.
- Fulfill key customers’ obligations and stakeholders’ expectations.
- Ensure financial efficiency in Tech Security Solutions.
- Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite.
- Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, and design and recommend opportunities for continuous improvement.
- Manage and conduct formal information security risk analyses, reviews, tests, audits, and/or self-assessments.
- Design appropriate remedial actions for identified risks, drive remediation of findings, and management of risks and exemptions.
- Assist in compiling a report on information security risks appropriately for different audiences.
- Develop, manage and maintain an information security incident management capability.
- Collaborate with various key stakeholders, and provide information security advice to stakeholders. This will include coaching or guiding them.
- Together with the CSO team, advise on Security decisions for the Agile Team to which you have been assigned and guide the identified Security Champions to embed security within the CI/CD pipeline.
- Coach identified Security Champions to gain practical cyber and develop understanding and knowledge.
- Coach Product Owners and all team members on the importance of security requirements.
- Support product and service development with Secure by Design expertise.
- Alert Cyber Security to security incidents following Vodafone Standards for reporting.
- Report on risk and compliance levels for relevant products and services.
- Provide input into the definition of the Secure by Design blueprints, patterns, and design principles to support product and service development.
- Give teams recommendations for remediation of vulnerabilities or weaknesses in products or services.
- Organise chapter meetings/scrums with Security Champions using Agile tool sets and report back to Manager Cyber Secure by Design.
- Convert security requirements into stories based on needs.
- Give overall guidance on different security activities across Agile teams.
Ideally You Should Possess The Following
- Matric/Grade 12 is essential.
- 3-year Technical Diploma/Degree in Information Security, Computer Science, or Engineering.
- An industry certification. The CISSP is strongly preferred, however, CCSP, OSCP, CISM, CISA, or other relevant certifications will be considered. Security/IT Architecture qualifications such as SABSA, TOGAF, etc, and relevant security architecture experience will be an added advantage.
- Minimum of 3-5 years of experience in a Cyber Security role.
- Knowledge of common information technology management/compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS, etc.
- A deep understanding of Technology Security risks and mitigating solutions.
- Diverse security background with knowledge and experience in three or more Security Domains including Security Assessment and Testing; Software Development Security; Security Governance and Risk Management; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management; Security Operations; Asset Security.
- Specialist experience in either DevSecOps, Application Security, Security Architecture, or Offensive Security will be an added advantage.
- Knowledge of operating systems such as Windows and Linux and how to secure them.
- Knowledge of and/or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST, and Security as Code will be an added advantage.
- Be well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl to collaborate competently with software engineering teams within the organization to identify and implement opportunities for improvement and automation in the CI/CD pipeline.
- Knowledge of Cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management will be an added advantage.
- Knowledge of configuration management tools such as Chef, Puppet, and Ansible will be an added benefit.
- Ability to work under time and resource pressure.
- An ability and desire to collaborate and communicate with a broad set of stakeholders.
- A customer-focused, responsive, and transparent attitude.
Closing date for Applications: 25 September 2022.
The base location for this role is Midrand, Vodacom Campus.
The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organizational culture that recognizes, appreciates, and values diversity & inclusion.