Specialist: Cyber Secure by Design

Role purpose:
The primary purpose of the role is to work within a team of Secure by Design and Security Architecture specialists, in collaboration with the Privacy and Business Risk Teams to Perform Secure by Design Assessments against Vodacom policies and standards.

Your responsibilities will include:
Provide technology security assurance, guidance and support to high profile projects,

Ensure security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom Group

Defining, implementing, and efficiently maintaining technology security controls and requirements

Ensure timely delivery of technology security assurance and support for projects, products and services.

Ensure compliance with Legal and Regulatory requirements

Support Technology Security awareness programs and educational efforts within the business unit to which you are asssigned

Provide accurate and timely reporting of technology security risks identified during secure by design assessments, project engagement and propose remediation and mitigation options in line with policy and good practice

Fulfil key customers obligations and stakeholders expectation

Ensure financial efficiency in Tech Security Solutions

Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite;

Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement;

Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;

Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;

Assist to compile a report of information security risks in an appropriate way for different audiences;

Develop, manage and maintain an information security incident management capability;

Collaborate with various key stakeholders, and provide information security advice to stakeholders

The ideal candidate for this role will have:
Technical / professional requirements:
3 year Technical Diploma/Degree in Information Security, Computer Science or Engineering

An industry certification. The CISSP is strongly preferred, however CCSP, OSCP, CISM, CISA or other relevant certifications will be considered. Security/IT Architecture qualifications such as SABSA, TOGAF etc and relevant security architecture experience will be an added advantage

Minimum of 3-5 years of experience in Cyber Security role

Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS etc.

A deep understanding of Technology Security risks and mitigating solutions

A diverse security background with knowledge and experience in three or more of the Security Domains including: Security Assessment and Testing; Software Development Security; Security Governance and Risk Management; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management; Security Operations; Asset Security.

Specialist experience in Either DevSecOps, Application Security, Security Architecture or Offensive Security will be an added advantage.

Core competencies, knowledge and experience:
Knowledge of operating systems such as Windows and Linux and how to secure them

Knowledge of and/ or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST, and Security as Code will be an added advantage

Be well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl so as to collaborate competently with software engineering teams within the organization to identify and implement opportunities for improvement and automation in the CI/CD pipeline.

Knowledge of Cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management will be an added advantage.

Knowledge of configuration management tools such as Chef, Puppet, and Ansible will be an added benefit.

Ability to work under time and resource pressure.

An ability and desire to collaborate and communicate with a broad set of stakeholders.

A customer-focused, responsive, and transparent attitude

Closing date for Applications: 30 April 2023.
The base location for this role is Midrand, Vodacom Campus
The Companys approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.