Overview

The IT Security Analyst will assist set and drive through the information security strategy and work as part of a team reporting to the Global Head of IT Security and Compliance .

Responsibilities include drafting of policy, standards and producing guidelines for the business, globally, as well as providing information security and business continuity advice.

Other key functions are to monitor the information security and business continuity, ensure the resilience of the IT estate and to ensure compliance to legal and regulatory requirements where necessary.

You will develop and maintain relationships across the business and the IT function to ensure compliance and knowledge of latest threats and solutions.

The increased use of Cloud based infrastructure and software services, mobile device use and BYOD challenges requires an in depth knowledge of the security risks across these domains.

Responsibilities

• Conduct IT systems security assessment and reviews for compliance with established security standards, policies, procedures and guidelines;
• Provide written responses to security related questions in Requests For Information (RFIs) and other such enquiries;
• Collaborate with corporate compliance regarding regulatory changes to compliance standards as they relate to Santa Fe data assets or other business regulations related to IT. Align policies, standards, and controls framework to laws and regulations. Gather feedback to improve policies, standards or procedures across the global IT organization;
• Works with global business and IT teams to determine needs of individual businesses and identify controls that protect against unauthorized access, modification, or destruction of information assets;
• Accountable for the response and monitoring of any information risk or security responses to audits;
• Assist with gathering and presenting information for regulatory reviews and external audits with respect to IT governance and risk. Communicate risk and security related reports to IT and business leadership;
• Manages and implements security awareness and training efforts and educates employees and business partners on security policy and best practices. Mentor and educate Senior SFG team members on leading risk management practices and methods;
• Facilitate information security governance through the implementation of a governance program;
• Enhance an information security management framework based on appropriate best practice, such as: International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST);
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls including their successful implementation;
• Ensure compliance with Data Protection and Data Privacy Legislation for all systems;
• Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas;
• Arrange Vulnerability and Penetration Testing of Infrastructure and Applications following up on results and remediation;
• Assist in Monitoring IT Security Audit Programs across the Global organization to ensure any threats and vulnerabilities to Business Applications and Infrastructure are addressed in a timely manner.

Requirements

• Degree level or equivalent in computing or related subject;
• A professional qualification such as CISSP, CISA or similar;
• Familiarity with IT Cloud – Amazon AWS and Microsoft Azure ; Microsoft Office 365 security; and Active Directory Infrastructure;
• Knowledge of Industry / Legal and Regulatory Standards – ISO27000, PCI-DSS, COBIT, SOX, ITIL, and ones from NIST;
• Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet the objectives of excellence in a dynamic environment;
• Must be a critical thinker, with strong problem-solving skills;
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives;
• Experience with contract and vendor negotiations;
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity;
• High degree of initiative, dependability and ability to work with little supervision;
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences;
• Thorough understanding of network security technologies and the ability to align those with business objectives and system requirements;
• High degree of integrity, constant vigilance, sound judgment and the ability to appropriately handle exposure to highly confidential and sensitive company information.

We offer an attractive remuneration package to the right candidate. Interested parties please send your resume, present and expected salary, contact number and date available by clicking "Apply Now".

Our Company is an equal opportunity employer and welcomes applications from all qualified candidates. The personal data provided will be used for consideration in your application for the applied post and other suitable positions in Santa Fe. Applicants who are not invited for interview within 6 weeks may consider their applications unsuccessful. All personal data of unsuccessful candidates will be destroyed after 6 months.