1 Position Details Position Information Security Specialist Business Unit Quality and Risk Management Managing any People No 2 reports to Chief Information security officer 3 Overall Purpose Of The Role The KPMG Africa Information Security Specialist is to assist with ensuring the confidentiality, integrity, and availability of all systems across the KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda).
The KPMG Africa Information Security Specialist is to achieve by actively managing and monitoring information security system in order to detect, respond and remediate information security risks and threats across the infrastructure.4 Position Specifications Educational (minimum level necessary to perform the job) Professional/Tertiary • Professional Other requirements Experience (minimum necessary before being considered for the job) Desired Qualification and Experience: • 3 - 5 years' experience in Information Technology Support or Information Security including Microsoft Azure • Industry recognized qualification A+, N+, Security +, CySA+, including Cloud Security certifications such as, o Microsoft Certified: Security Operations Analyst Associate o Microsoft Certified: Information Protection and Compliance Administrator Associate o Microsoft Certified: Security, Compliance, and Identity Fundamentals o Microsoft Certified: Identity & Access Management o Microsoft Certified: Azure Security Engineer • Professional certification preferred but not required (CISM, CISSP, ECIH) • Ability to demonstrate strong knowledge of information security and cloud security concepts.
• Experience with identifying, analysing, and reporting on information security risk and incidents.
• Meaningful work experience in information security environments, including security incident response, threat analytics, security operations, vulnerability management and security risk management.
• Demonstrated knowledge of security related tools, systems, and applications such as Qualys, Microsoft Devender Endpoint, Microsoft Sentinel, etc.
• Experience with evaluating security vulnerabilities, developing mitigation strategies, and implementing remediation.
• Strong knowledge of operating systems and application technologies , Microsoft Servers, Active Directory.
• Strong Knowledge in Network infrastructure protocol and technologies.5 Core Competencies (Attributes) • Attention to detail and accurate documentation • Ability to analyse and interpret information • Able to work independently and as part of a team • Ability to organize and prioritise multiple tasks and work under pressure 6 List of Key Performance Areas & Key Performance Indicators Main responsibilities List the tasks underpinning the responsibility 1.
Incident Management • Monitoring of incident response channels.
• Execution of the firms Information Security Incident Management Process and escalation of high priority issues.
• Continuous status tracking and escalation of open incidents.
• Produce weekly report for the CISO on incident remediation status across One Africa.
• Produce quarterly report for the CISO on incident status and trends across One Africa.
2.
Security Systems Configuration and Management • Daily monitoring of security systems to ensure they're functioning appropriate .
• Configuration and management of the Information Security systems such as Vulnerability, Privileged Access and Log management systems.
• Asset reconciliation to ensure appropriate coverage of security systems such as vulnerability management, log management, etc.
• Producing reports for Operational IT Team and assist with issue prioritisation and resolution of system security configuration issues.
3.
Monitoring of Patch Management • Monitoring of the performance of the Patch Management processes and identification of process inefficiencies and risks.
• Investigating and escalation of challenges preventing compliance with standards.
4.
Threat and Event Monitoring • Detecting and Monitoring Information Security Threats and Events using the Information Security systems with appropriate escalation where required.
5.
Vulnerability Management • Daily monitoring of external and internal vulnerability management systems for newly discovered vulnerabilities.
• Monthly asset reconciliation to ensure that the appropriate assets are scanned.
• Initiate and manage vulnerability remediation actions with respective owners.
• Assist with ad-hoc and annual network penetration testing activities.
6.
Support the implementation of NITSO Projects and other team initiatives • Provide support with the execution of project or information security related initiatives.