Kwesé TV is the redefinition of broadcasting in Africa, taking audiences Beyond TV.
We are a distinctly African entertainment company, disrupting the industry by breaking through the confines of traditional approaches to broadcasting. We aim to meet the needs of an increasingly dynamic and globally connected African viewer by providing affordable, premium content to audiences across the continent. The Kwesé network is Africa’s first truly converged media company with pan-African businesses in Pay TV, Free-to-Air TV, and Digital.
Premised on the concept of TV everywhere and anywhere, Kwesé is revolutionising the media industry in Africa. wesé is a brand of Econet Media Limited, the media arm of Econet, one of Africa’s leading Telecoms, Media & Technology groups.
 
Kwese is seeking to employ an Information Security Analyst;
 
MAIN PURPOSE OF THE JOB
To assist the Kwesé information security function in implementing effective security tools, methodologies and practices to improve the information security maturity and posture within the company. To analyse security threats and risks to utilised infrastructure using threat analytics, threat intelligence feeds and creating or using internal threat intelligence feeds where necessary. To report on and create a security dashboard for use by the Information Security and Information Technology leadership for determining risk and response postures for the company’s technology assets. To continually be an ambassador for the information security discipline and continually educate, create awareness and improve the understanding and approach to information security by the user community and other technology professionals.

KEY RESULT AREAS OF THIS ROLE

• Monitor various internal and external threat intelligence feeds and provide input / reports / escalations into current trends, threats and non-compliance issues facing the company’s technology assets
• Produce and maintain a security dashboard monitoring the threats and the efficacy of information security’s response to those threats as well as other security metrics that may be determined from time to time.
• Assist in implementing tools, methodologies and practices as determined by the technology leadership team.
• Assist in assessing risk to systems, technologies, platforms and products either in place or under consideration for implementation or development.
• Provides input into security mechanisms or tools to secure the various company technology platforms.
• Assist in engaging with the rest of the Information Technology team to rollout or implement security tools, methodologies or practices as determined from time to time.
• Produces and circulates under guidance from the Information Security team reports as may be required by the technology and other leadership functions within the greater group.
• Tracks and reports on identified security flaws, threats and vulnerabilities identified during any testing process to conclusion, including any procedural flaws identified during any audit or assessment process.
• Assist in creation and updating of information security policies, guidelines, procedures and standards.
• Act in a documentary and coordination role in conjunction with the Information Security leadership team to any incident requiring intervention or security response. Be a member of the cyber incident response, information security incident response and business continuity response teams to ensure continuity and security of services.

 
KEY DECISIONS

• Decides format and content of weekly security metric reports
• Decides on when and how to interact with suppliers of deployed security solutions for the purposes of providing support to internal customers
• Decides on what input to provide on security tools and metrics for measurement.
• Decides (in a collaborative fashion) how to implement security tools and monitoring systems to ensure needs are addressed.
• Decides on the process, methodology and practices required to meet the needs of the Information Security and Technology leadership.

 
KEY CONTACTS

• Kwesé Information Technology and Information Security Teams
• Support departments of suppliers (IBM threat intelligence, Symantec treat intelligence, etc.), Research Groups (Gartner, Forrester, Threatweb, Pastebin, etc.)
• Information Security vendors / Suppliers of security solutions
• Information Technology vendors where necessary to address security flaws in deployed solutions
• Incident response teams

 
 EDUCATION

• Matric / Grade 12

 
POST SCHOOL QUALIFICATIONS

• General purpose Information Technology certifications or credentials.
• General purpose Information Security certification such as Security+ or Systems Security Certified Practitioner (SSCP) or recognition of prior learning specifically in the information security space.
• Vendor specific security credentials may be of advantageous if they are security technologies used within the company.

 
EXPERIENCE AND SKILLS

• Minimum three (3) years’ experience in a specific security analysis or security engineer or security architecture type role.
• Report writing and attention to detail
• Analytical and analysis methodologies as well as logical thinking required.
• Elements of basic project / task management for tracking security issues, flaws and vulnerabilities.
• Risk analysis and risk reporting
• Ability to create and maintain complex security metric dashboard/s from multiple sources and addressing multiple systems
• Basic Information technology support knowledge to assist in the planning, rollout and implementation of specific security tools or interventions.
• Ability to understand the business and not put in place security tools or techniques that stands in the way of the business operating.