Information Security Specialist

Transnet

Johannesburg, Gauteng

Permanent

This advert is open for application by external applicants.


Equity Statement: Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.


Applicants that are interested in applying for any of the advertised positions must apply by registering on the Careers section of the Transnet Internet. Please take care in completing all required details on the profile, and then apply for the position.


Alternative Application Methods: (Completed Curriculum Vitae to be submitted)


Post :


E-mail :


Fax :


The closing date is on 14.04.2022. It is the responsibility of the applicant to ensure that HR has received the application before the closing date of the advertisement.


Note: if you have not been contacted within 30 days of the closing date of this advertisement please consider your application as unsuccessful.


Any questions regarding the application or recruitment process should be sent in writing to NOMBASA.LAMANI@TRANSNET.NET.


We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at Transnet. Call the hotline toll free number: 0800 003 056 or email Transnet@tip-offs.com


Operating Division : Transnet Corporate Centre


Position Title : Information Security Specialist


Employee Group : Permanent


Department : ICT


Location : Johannesburg


Reporting To : GM: Enterprise Technology & PMO Services


Grade Level : E


Reference Number : 6003966


Position Purpose:


Manage the development and implementation of the Security Programme in accordance with the Security Strategy as approved by the Transnet Board. Provide regular reporting and feedback on the implementation thereof. The scope includes Enterprise Information Management Services (EIMS) and the Operating Divisions Information Management Services (IMS).


Manage the development and implementation of security standards, best practices, architecture, and systems in compliance with laws, regulations and established leading practices.

Establish, maintain, and continuously improve the information security training and awareness programs.

Establish relationships with business representatives and with key external information risk, security, governance and compliance bodies and evangelise the information security cause to uplift the image of information security and Transnet Enterprise Information Management Services with both internal and external key stakeholders.


Implement processes and measures to assess and address security non-compliance.

Build the capacity to respond to security incidents and provide security forensic support to the Transnet Forensic capability and business.


Establish benchmarks and targets and report against these on a regular basis.

Assist the Principal Information Security Specialist in contributing to the third-party cost and service benchmarking exercise performed as part of the Service Management process.

Position outputs:


Develop the Information Security Programme in alignment with the Transnet Board approved Information Security Strategy. Ensure the Programme aligns with and supports the information management governance and the business strategies.


Manage the delivery and reporting on the various cyber security projects with the cyber security project team.

Manages the development and delivery of IT security standards, best practices, architecture and systems to ensure information system security across the company.

Establish relationships with business representatives and with key external information risk, security, governance and compliance bodies and promote the information security cause to uplift the image of information security and Transnet Enterprise Information Management Services with both internal and external key stakeholders.


Ensures that the security standards address legal and regulatory requirements.

Consults with the Information Security Subject Matter Expert to ensure compliance of the Transnet Information Security Framework with laws, regulations, standards and currency with industry security norms.

Facilitate the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines).

Implement processes and methods for assessing and addressing non-compliance to information security standards.

Manages and participates in the planning and implementation of information security controls for all IT projects.

Facilitates migration of non-compliant environments to compliant environments.

Reports regularly on the progress of implementation of the security strategy/plan for the Enterprise and the Operating Divisions.

Facilitates the Information Security component of the Information Risk, Security Governance and Compliance Council.

Chairs the Transnet Information Security Forum in support of the above Council.

Develops and manages security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise.

Build the capacity to respond to security incidents and provide IT forensic support to the Transnet Forensic capability and business.

Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, and updates, maintains and documents security controls.


Establishes and maintains an effective information Security Awareness programme for the Group and in co-ordination with the Transnet Operating Divisions.

Identifies and addresses, in a timely manner, risks that may result in failure or inefficient delivery of aspects of the Programme.

Assist the Principal Information Security Specialist in contributing to the third-party cost and service benchmarking exercise performed as part of the Service Management process.

Qualifications & Experience:


A degree in Information Systems Management, Informatics, Computer Science, Commerce or similar.

A Project Management Professional (PMP) qualification will be an added advantage.

At least 8-10 years’ experience in at least three ICT disciplines in a large business environment, including, but not limited to:

o Risk Management

o IT Audit

o IT Project Management

o Information Security controls, including Risk Assessments

o Application Development

o Operations

Understanding of Investigation and Forensics techniques and ability to manage a security investigation.


One or more security-related qualifications is required: CISM, CISSP, CGEIT, CRISC, CISA, or ISO/IEC 27001LA.

Experience in project management will be advantageous.

Experience in deployment of Information Security Strategies.

Experience in Process Control/SCADA/PLC environments would be considered an advantage.

Experience in COBIT, ITIL, ISO 27000/1/2.

Experience in IT Risk, Compliance and Governance frameworks.

Competencies:


Behavioural Competencies

Strategy & Sustainability:

Strategic Thinking

Commercial Awareness

Innovating


Inspirational Leadership:

Inspiring People

Managing Talent

Leading Change

Embracing Diversity


Business Performance & Delivery:

Lead Business Performance

Strategic Decision Making

Business Acumen

Analysing


Relationship Management:

Communicating Effectively

Collaborating and Networking

Service Orientated

Persuading and Influencing


Corporate Governance & Compliance:

Leading Governance

Leading Safety Practice

Leading Risk Management


Personal Mastery:

Learning and Applying Expertise

Resilience

Emotional Intelligence

Vigour & Personal Drive