Information Security Specialist

Description

Position: Information Security Specialist

Reports To: Head of Information Security

Business Unit: Information Security

This position description should represent your role and responsibilities at the time of appointment, however due to the dynamic nature of our business, your job title, key tasks and responsibilities are likely to evolve over time. The flexibility to adapt to any changes should be considered a key requirement of working at client.

Role Purpose:

As an Information Security Specialist you will be responsible for providing Information Security guidance to projects and performing security assessments on information system implementations. You will maintain close relationships with key personnel to identify risks, articulate threats and provide secure solutions to assist the business in achieving its goals.

Key Responsibilities and Tasks:

• Perform validation review of deployed solutions as part of the client InfoSec Project Assessment process to ensure security requirements are met and complied with.
• Work with the business to ensure that appropriate security requirements are identified and issued whenever new projects, services or changes are introduced.
• Promote security awareness and policy advocacy by supporting various internal and external stakeholders as required.
• Maintain strong relationships with team members and organisational stakeholders.

Translate identified security vulnerabilities into threat scenarios that are understandable by the business.

• Identify business risks/vulnerabilities and suggesting security enhancements for new and existing projects.
• Provide Information Security support for client solution design and architecture teams.
• Review and support changes to the information system and network environment.
• Translate identified security vulnerabilities into threat scenarios that are understandable by the business.
• Provide inventive and plausible options to difficult compliance problems.
• Ensure that plans for security technologies integrate effectively with other aspects of the technical infrastructure.
• Provide expertise and input on emerging security technologies, issues and directions.

Knowledge & Experience Requirements:

• At least 5 years professional information security experience.
• At least 10 years in hands-on technical roles.
• 3 years telecommunications experience desirable.
• Strong technical skills with proven experience in Scripting languages.
• Strong interpersonal skills and ability to relate to all levels of personnel with the organisation.
• Ability to lead and influence with strong negotiating skills.
• Ability to accurately judge the impact that identified risks will have on the business.
• Ability to accurately judge the likelihood of identified risks being realised.
• Solution implementation analysis, problem solving, and business relationship skills.
• Broad understanding of Information Security principles associated with networks, application development, Internet, email, operating systems, Firewalls, VPN's, databases, virus management, intrusion detection, cryptography and E-commerce, with high level expertise/specialisation in several of these fields.
• Recent experience in wireless scanning, penetration testing, vulnerability scanning and formal risk assessment.
• Broad and deep understanding of mainstream information, network and communications technology.
• CISSP, GIAC and CEH certifications desirable.
• Ability to self-study and acquire required skills to further responsibilities.