IT Security Specialist
Key Job Accountabilities
- Investigates security breaches in accordance with established procedures and security standards and recommends required actions and supports / follows up to ensure these are implemented. Investigates and reconciles violation reports and logs generated by automated systems. Where appropriate (i.e. involving employees within own organisation) interviews minor offenders and compiles reports and recommendations for management followup.
- Provides guidance and assistance in defining access rights and privileges. Operates and administers both physical and logical access controls used in order to provide continuous and secure access to information services.
- Conducts security control reviews in well defined areas. Assesses security of information and infrastructure components. Investigates and assesses risks of network attacks and recommends remedial action.
- Conducts business risk and vulnerability assessments and business impact analysis for medium complexity information systems.
- Reviews compliance with information security policies and standards. Assesses configurations and security procedures for adherence to legal and regulatory requirements.
- Reviews network usage. Assesses the implications of any unacceptable usage and breaches of privileges or corporate policy. Recommends appropriate action.
- Explains the purpose of and provides advice and guidance on the application and operation of elementary physical procedural and technical security controls. (For example the key controls defined in IS27002). Communicates information assurance risks and requirements effectively to users of systems and networks.
- Investigates suspected attacks and undertakes the investigation and resolution of security incidents in accordance with established procedures including incident management procedures. Uses forensics where appropriate . Reports on findings and lessons learnt / improvement actions.
- Delivers elements of the security components of system architectures.
- Investigates causes of incidents and seeks resolution.
Qualifications
Bachelor’s degree in Computer Science Information Technology Information Systems or other relevant discipline.
Knowledge and/or Experience
- 10 years’ Information Security experience ideally within the oil/gas industry.
- Conversant with relevant Information Security national and international standards.
- Attain and maintain experience in accordance with relevant IT competency frameworks.
- Good working knowledge of Information Security coupled with equivalent knowledge of the activities of those businesses and other organizations that employ IT.
Understanding of the principles and practices involved in development and maintenance of Information Security requirements
Technical and Business Skills
- Assesses and evaluates risk and the impact of legislation and actively promotes compliance.
- Possesses a good understanding of IT business applications.
Effective and persuasive in both written and oral communication