Role purpose:

The primary purpose of the role is to work within a team of Secure by Design and Security Architecture professionals, in collaboration with the Privacy and Business Risk Teams to Perform Secure by Design Assessments against Vodacom policies and standards. In performing this role you will

Identify potential cyber security risks for new products, services and operations and identify controls to minimise, mitigate or remove those privacy and security risks;
Review Design and implementation of the identified controls to ensure they are built into the product (at Design & Build stages);
Provide assurance that privacy and security controls have been implemented before the product goes “live” and product complies with Vodacom/Vodafone Security requirements and applicable laws (at Test & Go-Live stages);
Assess security and privacy risks arising from changes to existing live products that impact the processing of personal data (In-Life); and
Ensuring security and privacy risks are addressed when decommissioning these products (Decommissioning).

You will also be required to drive the delivery of Cyber Security strategy and maturity improvement or risk reduction initiatives into the business unit(s) to which you will be assigned, monitor progress against agreed targets with the objective of safeguarding Vodacom Infrastructure and customer data from Cyber threat actors. This role will involve working with Busines unit, Cyber and IT stakeholders in Vodacom South Africa to drive out Cyber Security baseline requirements – Some of these responsibilities may extend to collaboration with Group Cyber Security and other operating companies to ensure that cyber security controls are consistently applied across markets.

Your responsibilities will include:

Ensure timely delivery of technology security assurance and support for projects, products and services.
Ensure compliance with Legal and Regulatory requirements
Support Technology Security awareness programs and educational efforts within the business unit to which you are assigned
Provide accurate and timely reporting of technology security risks identified during secure by design assessments, project engagement and propose remediation and mitigation options in line with policy and good practice
Fulfil key customers’ obligations and stakeholders’ expectation
Ensure financial efficiency in Tech Security Solutions
Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite;
Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement.
Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments.
Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions.
Assist to compile a report of information security risks in an appropriate way for different audiences.
Develop, manage and maintain an information security incident management capability.
Collaborate with various key stakeholders, and provide information security advice to stakeholders

The ideal candidate for the role will have:

Technical / professional qualifications:

3 year Technical Diploma/Degree in Information Security, Computer Science or Engineering
An industry certification. The CISSP is strongly preferred, however CCSP, OSCP, CISM, CISA or other relevant certifications will be considered. Security/IT Architecture qualifications such as SABSA, TOGAF etc and relevant security architecture experience will be an added advantage
Minimum of 5 years of experience in a Cyber Security role
Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS etc.

Core competencies, knowledge, and experience:

Knowledge of operating systems such as Windows and Linux and how to secure them
Knowledge of Cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management will be an added advantage.
Specialist knowledge or experience in either, DevSecOps, Application Security, Security Architecture or Offensive Security will be an added advantage.
Knowledge of configuration management tools such as Chef, Puppet, and Ansible will be an added benefit.
Knowledge of and/ or experience in creating and managing DevSecOps pipelines practicing SCA, SAST, DAST, and Security as Code will be an added advantage

Closing date for Applications: 30 August 2023

The base location for this role is, Vodacom Campus, Midrand.

The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.