Information Security Analyst

IsoMetrix, is a leading integrated risk management software company with offices in the USA, Canada, Australia, United Kingdom, and South Africa. We provide state-of-the-art solutions for ESG, EHS and GRC management.

Backed by the leading private equity firm Carlyle, an investment firm with $293bn of assets under management, SaaS-oriented business model. Crucial to the future success of the business.

We are looking for a candidate with suitable qualifications and experience to join our dynamic and passionate team in an IT development environment.

Main purpose of Job:

Design, implement and maintain security systems to protect SaaS and managed service applications, computer networks, servers and endpoints from vulnerabilities and cyber-attacks. Improve our overall Information security posture with the emphasis on the importance of proactive security measures, continuous learning, awareness programs and collaboration from an Information Security and personal information protection perspective within IsoMetrix.

Primary Responsibilities:

Information Security

• Conduct continuous extensive Cyber and Information Security Risk Assessments, and implement effective controls to mitigate and minimize security risks.
• Monitor computer networks for security issues, utilising advanced tools and technologies to detect and respond to potential threats promptly.
• Investigate security breaches and other cybersecurity incidents, conducting thorough analysis to determine the root cause and implementing appropriate remediation measures.
• Install, configure, and operate security measures and software to protect systems and information infrastructure, including applications, firewalls, intrusion detection systems, and data encryption programs.
• Document security breaches and assess the damage they cause, preparing detailed reports for management and stakeholders to facilitate informed decision-making.
• Collaborate with the Information Technology team to perform comprehensive tests and assessments, identifying network vulnerabilities and recommending effective countermeasures.
• Proactively address detected vulnerabilities to maintain a high-security standard, implementing necessary patches, updates, and configuration changes.
• Stay current on IT security trends and news, continuously expanding knowledge and expertise to effectively mitigate emerging threats and vulnerabilities
• Develop and maintain company-wide best practices for IT security, ensuring adherence to industry standards and regulatory requirements
• Perform penetration testing in collaboration with our security partners to conduct third-party testing and validation, assessing the effectiveness of current security measures and identifying and remediating vulnerabilities in the system.
• Provide guidance and support to colleagues in installing security software and understanding information security management, promoting a culture of security awareness and compliance.
• Conduct research on security enhancements, evaluating new technologies and methodologies, and making recommendations to management for improving the overall security posture.
• Stay up to date on information technology trends and evolving security standards, attending relevant conferences, training programs, and certifications to enhance professional development.

Protection of Personal Information:

• Embedding and improving of pre-determined data privacy controls.
•  Monitor ongoing compliance and perform personal information risk assessments.
• Ability to understand and respond to data privacy risk assessment questionnaires by clients.

IT Strategy

• Brainstorm new ideas and ways to improve information systems by consolidation and efficiencies
• Adequate disaster recovery strategy, high availability, backup and recovery and successful execution. 
• Stay current with software partners and vendors requirements and liaise with account managers to maintain sustainable relationships with customers.
• Partner certification requirements are achieved and communicated to management.
• Information Systems adoption strategy.
• ISO 27001:2022 support and ongoing compliance.
• SOC 2 support and ongoing compliance

Minimum education experience:

• Bachelor's degree or Diploma in computer science or related field.
• Cyber Security Practitioner (CSP) or CCSP (Certified Cloud Security Professional) advantageous.
• Azure cloud security, ideally passing either AZ-500 or MS-500 training.
• 5 years’ experience in information security and data protection.
• 3 years’ experience in protection of personal information and regulatory requirements.
• Proven understanding of relevant legislation governing protection of personal information.
• Ability to interpret regulatory requirements and translate into practical solutions to show compliance.
• Experience with computer network penetration testing and techniques.
• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.
  

Personal attributes:

• Keen attention to detail
• Problem-solving abilities
• Solid knowledge base
• Ability to work in a pressurized environment
• Ability to accommodate flexible working hours
• Ability to multi-task, prioritize as well as manage time efficiently
• Possess strong interpersonal skills and effective communication abilities at all management levels, including the capacity to convey technical information in layman's terms to non-technical roles, such as those in HR and finance.
• Ability to articulate trends clearly and confidently
• Ability to work within company policies and procedures
• Ability to always keep quality of work
  

The IsoMetrix DNA encompasses the following core values and behaviours:

• Own It!
• Do the right thing
• Embrace Ideas
• Win together
• Think Beyond