It Security Specialist Sandton - Sandton

Kontak Recruitment

IT Compliance and Security Specialist (JB4361)
Sandton, Gauteng
R40 000 to R45 000 a month CTC
Permanent

A company that specializes in supplying state-of-the-art cash handling equipment and software solutions to a wide range of industries is currently looking for an IT Compliance and Security Specialist to join their team. Their products cover coin and banknote counting and sorting machines, electronic drop safes for retail establishments, coin sorting and sachet equipment used by CIT companies, and automated pay point solutions.

Minimum Requirements:

Candidate must have strong I.T. knowledge in Access Management, Change Management, IT Operations, IT Risk Assessments, networks, servers, cyber security, and general end user support.
Candidate must have knowledge of I.T. Operations, security, governance, frameworks, and a firm grasp of the below to provide to the auditor:
Familiarity with IT policies and procedures.
Experienced with annual reviews and signing off of policies.
Ability to add new policies as needed.
Knowledge of POPIA requirements.
Understanding of ISA 315 audit requirements.
Disaster recovery and business continuity testing should be conducted at least once a year.
Ability to set up a Disaster Recovery (DR) environment with strong network and server knowledge.
Will act as the liaison between Company auditors and Alice and be responsible for reporting all findings and ensuring the overall score remains satisfactory.
The candidate must possess firm knowledge of Microsoft Baseline Network Security v1.5, Microsoft patch management, user administration foundations, password configuration foundations, and vulnerability, exposure, and risk assessment to maintain a satisfactory Alice score.

Duties and Responsibilities:

Access to Programs & Data: Implement and maintain policies and procedures for accountability, identity, authorization, authentication, monitoring, access controls, attestation, and direct access to data.
Change Management: Establish and manage policies and procedures for change requests, tracking changes, testing changes, separate environments, version control, and change meetings.
IT Frameworks: Ensure compliance with IT governance, information security, cybersecurity, service management, IT risk management, software development, IT project management, enterprise architecture, penetration testing, and strategy.
Centre for Internet Security (CIS) v8: Implement and manage CIS v8 controls covering inventory and control of assets, software assets, data protection, secure configuration, account management, access control, vulnerability management, audit log management, email and web browser protections, malware defenses, data recovery, network infrastructure management, security awareness training, service provider management, application software security, incident response management, and penetration testing.
Audit Controls: Enforce information security policies, organization information security, human resource security, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development, and maintenance, supplier relationships, information security incident management, business continuity management, and compliance.

IT Risk Assessment

Ensure compliance with the following audit requirements:
Access policies, risk registers, user lists, employee listings, user requests, and database logging settings.
Change control policies, change lists, change requests, CAB meeting evidence, testing of changes, program library use, version control, and migration software evidence.
IT strategy, key stored procedures, monitoring evidence, automatic alerts evidence, backup policies, server names, backup software screenshots, backup reports, offsite backup evidence, testing of backups, backup media rotation evidence, environmental controls, password policies, high-risk event logs, recertifications evidence, database names, and database logging settings.
IT strategy copies, IT org chart copies, KPIs and Balanced Scorecards copies, IT asset disposal procedure copies, IT asset identification procedure copies, formal software selection process documentation copies, architecture diagram copies, and formal Incident Management Policy copies.

Kontak Recruitment Disclaimer:

Equal opportunity: All backgrounds are welcomed, with no bias. All are considered based on requirements.
Job specifics: Requirements mirror advertisement, duties may adjust for client needs.
Fair process: Fair assessment, only shortlisted candidates contacted due to volume.
Privacy: Data processed as per Privacy Policy. By applying, you agree to data handling. We safeguard applicant info.
Candidate verification: Candidates selected by the client are verified. False info may disqualify or end employment via the client.
Offer clarity: Advert is not a binding offer. Written offers based on pre-employment conditions.
No direct link: Advert is not tied to Kontak Recruitment. We assist in the employment process ONLY.
Applicant Responsibility: Upon applying, confirmation of receipt for a specific advert is given. If no confirmation is received, you must verify with Kontak Recruitment.