Key Performance Areas

Policy review and implementation

• Contribute to the development and implementation of departmental policy, standards & procedures and processes.
• Keep up to date with effective policy and practice execution strategies.

Incident response and remediation management

• Maintain the Confidentiality, Integrity and Availability of the RAF Information contained within systems and applications.
• Ensure security incidents/requests are recorded in the RAF incident management system.
• Respond and remediate incidents and requests within the statutory time periods.
• Conduct Investigation, analysis and review following any security breach/incident.
• Assist in defining and implementing the RAF’s processes to record the security incident details.
• Investigate incidents as requested.
• Detailed analysis of the incident and suggest corrective actions.
• Compile reports around the breach/incident.
• Implement corrective actions where approved.
• Maintain detailed records of breach/incident using agreed procedures.

Design and develop security controls across RAF systems and networks

• Design and develop ICT system and network security controls in accordance with RAF approved architecture framework and industry best practice.
• Document and maintain all security controls as per RAF governance.
• Obtain management approval in terms of security controls and architecture.
• Conduct technical evaluations in ICT systems and networks in order to identify weakness.
• Prepare recommendations for appropriate control improvement and/or the introduction of new controls.

Reporting

• Ensure all requests and changes are correctly authorised before implementation.
• Ensure that the implementation of controls follow the RAF change control procedure.
• Identify potential security violations prior to and post implementation of controls.
• Implement and maintain ICT security solutions to ensure that systems and networks are protected against security threats and vulnerabilities.
• Design, implement and maintain process and procedures to ensure that security solutions under the area of control are always functioning correctly.

Stakeholder management

• Facilitate and manage communication with relevant internal and external stakeholders in relation to ICT Security related matters and proactively and progressively manage the relationships.
• Provide guidance and support to respective IT operational staff on systems security processes, policies and security controls.
• Manage relationships with service providers or procurement teams and ensure that all relevant procured items are invoiced and paid on time.

Qualifications and Experience

• Bachelor’s Degree/Advanced Diploma in an Information Technology related qualification.
• IT Security Certification (Security+ or CISSP or CISM).
• ITIL Certification.
• Relevant 5-7 years’ experience in an ICT Security environment with speciality in identity and Access Management.