The role of the I.T. Security and Audit Officer is to research, develop, implement, test and review client information security in order to protect information and prevent unauthorized access. The ITSAO informs the business about security measures, explains potential threats, installs software, implements security measures and monitors networks.
The ITSAO is responsible for managing the data and voice infrastructure security considerations to ensure the safety and integrity of all client information assets. They are responsible for investigating potential risks and performing any mitigating actions deemed suitable to ensure the continual operation of core business functions in accordance with I.T. security policy and any applicable governance or compliance requirements.
The ITSAO is also responsible for the physical security controls put in place to protect client staff and assets.
Company have clients who require support 24 x 7 x 365; as such, the role is expected to be able to operate with a degree of autonomy.
The ITSAO will perform all duties as listed in the Accountabilities section of this document and any other duties deemed reasonable and suitable.
Security Audits – 40%
- Manage the internal security audit timetable and perform regular audits on users, group policies and access controls in accordance with the client’s policies and procedures.
- Review system access logs on a regular basis to identify potential weaknesses and threats.
- Audit system logs to identify suspicious behavior and activities, security breaches and potential security risks.
- Conduct self-assessments to ensure that all procedures align with all applicable legal and compliance regulations.
Data and System Security – 30%
- Work with the various IT teams to identify, contain, eradicate, and recover from security incidents.
- Monitor all client systems for potential security issues, both malicious and accidental.
- Review current security trends and make suggestions as to best practice in mitigating any potential security concerns.
- Stay up to date with the latest threats, technological advances and procedures in the security realm.
- Manage and configure various security tools.
- Assist in coordinating penetration and intrusion testing and reviewing its results, and take ownership of addressing or mitigating the issues identified.
- Assist in resolving IT Service Desk cases allocated to the IT Security queue.
- Analyse incidents to identify service improvements that will reduce or prevent recurrence of security breaches and incidents.
- Follow documented Client standards, policies and procedures.
Compliance and Governance – 25%
- Work with the Technical Operations and Security Manager to coordinate certification activities for various standards including ISO27001 and ISM.
- Assist in responding to compliance-based requests for information where they relate to security.
- Coordinate information security compliance activities.
Reporting – 5%
- Formally report on any security incidents to the business and I.T. management.
Qualifications (Essential-E or Preferable-P):
- Computer related tertiary qualification (BIS) or equivalent experience (minimum 5 years in an IT role).
- Working knowledge of IT security, minimum of 3 years in an IT security role.
- Experience with the Trend Micro suite of security products.
- Knowledge of vulnerability management tools.
- Security accreditation such as CISSP or CISA would be highly regarded.
- Ability to plan and prioritise tasks independently and collaboratively within the IT team and wider client environment.
- Demonstrate clear and articulate verbal and written communication skills.
- Strong problem-solving skills, including requirements gathering and analysis.