Information Security Analyst III

Job Classification

131663 (PKI Cryptography Security Systems)

Job Family

Information Technology

Career Stream

IT Risk

Leadership Pipeline

Manage Self: Expert

Job Purpose

To provide expert advice on complex aspects of information security within their fields of expertise. To identify and resolve complex technical issues related to security technologies. To collaboratively perform in-depth analysis with stakeholders on complex information security issues and provide optimum solutions which meet both business and technical requirements while aligning with the information security strategy. To analyse and enhance information security related processes with the aim to optimise work within the sphere of Information Security in its entirety. Working independently to deliver on work tasks. Pro-actively mentor staff. To ensure stability and up-time for areas the incumbent takes responsibility for; which also requires being available on demand to help solve issues outside of normal working hours

Job Responsibilities

• Build relationships with stakeholders to facilitate the flow of knowledge, input and discussion on new products and solutions as required. Leverage on expertise and internal networks to manage and resolve incidents, strengthening relationships.
• Capture timesheets and claims timeously and accurately.
• Propose solutions that are cost effective while meeting information security (IS) requirements within budget.
• Provide input into the negotiation process with vendors for new and existing technologies and services.
• Contribute to a culture of transformation by participating in Nedbank culture building initiatives, business strategy, and CSI.
• Stay abreast of developments in field of expertise, ensuring personal and professional growth.
• Understand and embrace the Nedbank vision and values, leading by example.
• Seek opportunities to improve business processes, models and systems.
• Participate in Research and Development related to specific Information Security Technology.
• Participate in proof of technology and proof of concept.
• Contribute to the content of the curricula.
• Oversee the implementation of the changes and check for the shortcomings and risks.
• Expert in-depth interpretation of MIS and system logs/reports to correct any deviations against best practices.
• Identify and set selection criteria for new products.
• Participate in the implementation and hand over of new products as provided in the selection criteria.
• Keep abreast of information security policies, rules, standards and processes, procedures and practices, as well as business rules, introducing new industry concepts to information security.
• Create and review all relevant processes and procedures mindful of current policies and standards.
• Create, maintain and review information security standards.
• Oversee and monitor environment per set standards.
• Review and contribute to project documentation.
• Mitigate risks. Implement specific Information security technologies. Gain further exposure and experience on multiple technologies.
• Log, submit and implement low, medium and high risk security changes independently.
• Provide guidance and supervision to Administrators and other analysts on implementation and changes.
• Oversee and ensure change was success.
• Support the achievement of the business strategy, objectives and values.
• Enable skilling and required corrective action to take place by sharing knowledge and industry trends with team.
• Obtain buy-in for developing new and/or enhanced processes that will improve the functioning of stakeholders' businesses.
• Provide technical mentoring related to specific security product. Participate in defining career stream and role requirements. Attend tech security industry forums and present technical papers.
• Provide technical mentoring both to Individual and specialist development projects.

Job Responsibilities Continue

• Perform Key Management lifecycle activities in line with industry standards and requirements.
• Design security payment system solutions.
• Formulate cryptography-related information security standards and review standards on an annual basis, align with and communicate standards to stakeholders, and ensure awareness is created. 
• Periodically monitor conformance to standards and inform stakeholders accordingly.
• Deploy and maintain cryptography systems in line with the mandated information security standards.
• Monitor cryptography systems for availability.
• Perform the role of primary key custodian.
• Participate in key management duties.

Essential Qualifications - NQF Level

• Advanced Diplomas/National 1st Degrees

Essential Certifications

• CISSP , CISM or relevant qualifications (this is essential certification )

Preferred Certifications

Security+
PKI Cryptography.
CISSP
Payment Systems Related
 

Minimum Experience Level

Minimum of 5 years’ experience PKI Cryptography Security Systems.

Exposure to:

•    PKI
•    HSMs
•    Payment Systems
 

Technical / Professional Knowledge

• Administrative procedures and systems
• Banking knowledge
• Data analysis
• Governance, Risk and Controls
• Microsoft Office
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Business writing skills
• Information Security Threats and Attact vectors
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Basic computer concepts
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles

Behavioural Competencies

• Coaching
• Collaborating
• Decision Making
• Influencing
• Innovation
• Technical/Professional Knowledge and Skills

---------------------------------------------------------------------------------------

Please contact the Nedbank Recruiting Team at +27 860 555 566