Senior Information Security Manager
  • South Africa Johannesburg
  • Believe Resourcing Group
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

About the job

Our Client

A global leader in the BPO sector offering world-class CX and Service Centres at all their locations. They service industries such as eCommerce, Retail, Food Delivery, and Technology.


Purpose Of The Job


To ensure that Our Client's Information Security Management System (ISMS) is maintained, and that staff comply with the policies, procedures, guidelines, and standards that support the effectiveness of the ISMS.


Preferred Skills


WHAT YOU NEED TO QUALIFY:


  • Meticulous attention to detail
  • Ability to work under pressure to strict deadlines
  • Ability to work towards team and individual targets
  • Building and maintaining effective working relationships with internal and external teams and with clients


Qualifications Required


  • Bachelor's degree in Computer Science, Computer Engineering, or Cyber Security
  • Industry-related certification required (e.g. CISM, CISA, CEH); ISO 27001 Lead Auditor preferred
  • Previous experience in a BPO environment


The Job


Key Responsibilities:

  • Carry out all ISMS activities to ensure maintenance of SOC-2 type 2, ISO 27001:2005, and PCI-DSS certifications at the South Africa and Bangladesh sites
  • Conduct risk assessments on client operations and ensure clients' information security requirements are effectively addressed
  • Assist the central management team in overseeing compliance activities relating to information security and privacy
  • Act as the central coordinator for actual or potential Information Security and Privacy incidents at the location, and lead the investigations
Professional Knowledge and attributes required:
  • Excellent English communication skills (written and verbal)
  • Superior understanding of ISO27001, SOC-2 and PCI-DSS, and of their integration and maintenance within an ISMS
  • Good working knowledge of information security related requirements
  • Solid knowledge of IT Corporate Governance Principles
  • Ability to evaluate and analyze the threat, vulnerability, impact and risk of security issues discovered during security assessments
  • Advise on information security issues, including explaining the technical details and how the vulnerabilities in the systems can be remediated
  • Manage information protection and data privacy with an understanding of POPIA and the European GDPR
  • Strong understanding of information technology / IT security concepts
  • A good understanding of various information system technologies, including: Active Directory, Networking, LAN / WAN, firewalls, IDS / IPS, log management systems, web content filtering systems, enterprise antivirus management systems, patch management, OS hardening guidelines, etc.
  • Information system auditing experience
  • Sound working knowledge of the latest Microsoft packages (Word, Excel, PowerPoint & Outlook)
  • Design security guidelines and controls to enforce security on web-based applications using Threat Modeling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews
  • Facilitate external VA/PT audits, Application Security Audits, and customer audits, and actively project-manage the remediation of audit findings


Desired Skills and Experience
Firewalls, IT Security Compliance, Active Directory, POPIA, Patch Management, SOC-2, ISO27001, ISMS, PCI-DSS, IT Corporate Governance Principles, IT Security Concepts, GDPR, WAN/LAN, IDS/IPS, Log Management Systems, Web Content Filtering Systems, Enterprise Antivirus Management Systems, OS Hardening Guidelines



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0121   Knowledge of information security program management and project management principles and techniques.
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Required Abilities
  • A0161   Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes) for critical system elements.