Vodacom | Specialist – Cyber Security GRC X1

Vodacom | Specialist – Cyber Security GRC X1

Job Description

Role Purpose


The primary purpose of the role is to support Cyber GRC functions which are all interdependent and would require good teamwork. To ensure the best delivery, exposure and create backfill capability with succession planning, the role and function for a Cyber GRC specialist would require expertise in the following areas broadly covered below:
Cyber Security Training, Awareness and Education
Cyber Security Document Management & Compliance
Risk and Risk Management
Cyber Security Risk and Risk Management
Reporting & Data Analytics
Compliance and Assurance
Cyber Security Baseline (CSB)
Audits and Assurance

You will also be required to drive the delivery of Cyber Security strategy and maturity improvement or risk reduction initiatives into the business unit(s) to which you will be assigned, monitor progress against agreed targets with the objective of safeguarding Vodacom Infrastructure and customer data from Cyber threat actors.  This role will involve working with the respective Business units, Cyber and IT stakeholders in Vodacom South Africa to drive out Cyber Security baseline requirements – Some of these responsibilities may extend to collaboration with Group Cyber Security and other operating companies to ensure that cyber security controls are consistently applied across markets.

Your responsibilities will include:


Cyber Security Training, Awareness and Education
Responsible for the various components of security awareness, training and education covering which could include the following:
Cyber Security Training and Awareness planning, executing, tracking, and reporting.
Provide bespoke training for high profile staff based on their potential risk of being attacked (HR, IT, Senior Executives, Executive Pa’s.
Deliver Cyber Security inductions for all new joiners.
Deliver presentations to senior management on results of Cyber Security awareness campaigns, pain points, lessons learned and actions going forward for improvement.
Execute routine phishing simulations to assess the posture of staffs reporting and click rates.
Identify high risk users through phishing simulations and provide workshops to lower their risks.
Roll out Cyber Security training for all staff based on current trending global topics.
Provide executive reports to Vodafone regarding the Cyber Security programme.
Research common attack vectors and ways to spot them to reduce the risk
Provide security communications based on risks identified within the organisation.
Main point of contact for Cyber Security Training and Awareness.

Cyber Security Document Management & Compliance
Responsible for the various components of governance covering cyber policies, standards, processes and procedures which could include the following:
Implementation and guide policy compliance across Vodacom SA.
Review of Vodafone Security Policies, Processes and Standards against Vodacom SA for non-conformances.
Identify gaps in policies and provide input to improve them.
Communicate changes to policies to the organisation and the impact of the changes.
ISO9001 Coordinator for the department to ensure the Quality Management System is maintained.

Risk and Risk Management
Cyber Security Risk and Risk Management
Responsible for the risk management process and actions related to the various cyber security governing controls which will cover aspects like:
Risk reviews processes with partner departments to ensure good security practices are up to date as per industry standards and have applied Security by Design.
Identifying and registering new risks with the implementation and integration of new systems.


The ideal candidate for this role will have:


Technical / Professional Qualifications:

3-year Technical Diploma/Degree in Information Security, Computer Science or Engineering
Diploma or bachelor’s degree in Computer Science, Information Systems, Systems Analysis, or another related field
Minimum of 5 – 8 years of experience in Tech Security role where you meet business deliverables.

Core competencies, knowledge, and experience:

Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
Proven experience managing and operating multiple security programs, projects, and initiatives.
An ability to think strategically and drive change.
A deep understanding of Technology Security risks and mitigating solutions.
A diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.
Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies.
Windows, UNIX and Linux operating systems.
Practices and methods of enterprise architecture and security architecture.
Network security architecture development and definition.
Web Security & Encryption.
Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams.
Ability to work under time and resource pressure.
An ability and desire to communicate and work with a broad set of stakeholders.
A customer-focused, responsive, and transparent attitude.

Closing date for Applications: 1 September 2023

The base location for this role is, Vodacom Campus, Midrand.

The Company s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.


camerastuff online shop camera accessoriesVodacom | Specialist - Cyber Security GRC X1 1

Leave a Reply

Your email address will not be published. Required fields are marked *