Senior Specialist SOC

Role Purpose

The purpose of the role is managing the Vodacom Security Operating Centre within the Vodacom Cyber Defence space. This role requires the individual to have credible experience in a leadership role within a SOC and must have dealt with major incidents and projects that is relevant to a SOC environment. As a key member of the Vodacom Group Technology Security team, the candidate should be comfortable with driving activities within a SOC that will include management of a vendor, mentoring staff and ensuring that the projects in the area is delivered. Communicating clearly with technical as well as non-technical audiences will be required.

Your Responsibilities Will Include

The incumbent will direct, develop, implement and maintain a comprehensive Vodacom-wide information security governance, risk and compliance strategy

Provide supervisory technology security assurance, guidance and support to high profile projects,

Ensure security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom Group

Defining, implementing and efficiently maintaining technology security controls and requirements

Ensure timely delivery of technology security assurance and support for projects

Ensure compliance with Legal and Regulatory requirements

Provide SME input to Technology Security Policy requirements and procedures

Support Technology Security awareness programs and educational efforts

Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options

Fulfil key customers obligations and stakeholders expectation

Participate in creation and execution of technology security strategy

Ensure financial efficiency in Tech Security Solutions

The role requires the individual to monitor information security governance, risk, and compliance by Vodacom Corporate IT, Mobile and Enterprise Business domains

Ensure alignment of information security governance with the Vodacoms business objectives, the information security strategy, plans and controls

Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite;

Lead, develop, manage and maintain the Vodacom-wide information security governance deliverables lifecycle including compliance measurement, deviations and exemptions;

Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement;

Interpret and manage the controls and capabilities required for Vodacom to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s);

Develop, manage and implement the Vodacom information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill)

Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;

Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;

Participate in IT general controls and compliance testing activities and/or audits;

Lead, develop and maintain a comprehensive and effective Vodacom information security risk, threat and vulnerability management capability that effectively anticipates the latest threat and vulnerabilities for Vodacom, as well as assesses and reduces information security risk to within the corporate risk appetite

Report information security risks in an appropriate way for different audiences;

Lead, drive and manage information security investigations and incident management;

Develop, manage and maintain an information security incident management capability;

Manage, plan, implement and monitor Vodacom information security awareness and training program;

Develop, measure and manage Vodacom measurements to assess the effectiveness of this program, and drive continuous improvement;

Develop and implement online security awareness and training interventions based on business need, facilitate and/or provide information security awareness and training;

Collaborate with various key stakeholders, and provide information security advice to stakeholders

The Ideal Candidate For This Role Will Have

Core competencies, knowledge and experience:

Diploma or Bachelors Degree in Computer Science, Information Systems, Systems Analysis, or other related field

5 to 8 years of experience working in a Security operations centre

Tech Security role where you meet business deliverables

Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.

Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.

Proven experience managing and operating multiple security programs, projects, and initiatives

An ability to think strategically and drive change

A deep understanding of Technology Security risks and mitigating solutions

A diverse security background with knowledge in several areas including: layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.

Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies

Windows, UNIX and Linux operating systems

Practices and methods of enterprise architecture and security architecture

Network security architecture development and definition

Web Security & Encryption

Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams

Ability to build and manage highly motivated and innovated technical team

Ability to work under time and resource pressure

An ability and desire to communicate and work with a broad set of stakeholders

A customer-focused, responsive, and transparent attitude

An industry certification. The CISSP is strongly preferred.

Closing date for Applications: 23 March 2023

The base location for this role is, Midrand, Vodacom Campus

The Companys approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.