ROLE PROFILE ROLE SUMMARY

Transcription

1 ROLE PROFILE Role title Location Reporting structure Senior IT Security Administrator Netcare Head Office Information Security Officer Closing date 24 May 2018 ROLE SUMMARY The Senior IT Security Administrator is responsible for effective provisioning, installation/configuration, operation, and administration of security systems, software and related infrastructure. This individual participates in technical research and development to enable continuing innovation within the security landscape. This individual ensures that system configurations, operating systems, software systems, and related procedures adhere to organizational policies and methodologies with regards to information security. The Senior IT Security Administrator will be responsible for articulating an architectural vision, conceptualising architectural approaches, implementing Information security standards, developing and validating the architecture and high level solution design against business requirements and best practices, and guiding clinical and IT departments on methodologies, processes and best practices according to Netcare s Enterprise Architecture framework and Information Security principles. The Senior IT Security Administrator is expected to evangelize best practices for clinical systems, IOT medical devices, architecture design and Information Security standards, while maintaining an awareness of new / emerging technologies and their potential application to existing service offerings. The Senior IT Security Administrator is expected to proactively identify and address technical strengths, weaknesses, opportunities and threats within the Netcare Clinical, IT and medical device environment. This individual will deliver IT technical and infrastructure projects and solutions within the Netcare standard Project Management Methodology. These activities include the definition of needs, benefits, and technical strategy; research & development within the project life-cycle; technical analysis and design; and support of operations and clinical staff in executing, testing and rolling-out the architected solutions. Participation on projects is focused on smoothing the transition of projects from implementation staff to operational staff by performing operations activities within the project life-cycle. The Senior IT Security Administrator is responsible for the operational management of the security administration team and associated contractors to ensure delivery of the Information Security department s objectives and deliverables.

2 Engineering and Provisioning KEY WORK OUTPUT AND ACCOUNTABILITIES Engineering and architecture of system related information security solutions for various project and operational needs. Ensure all new, rebuilt and existing servers configurations, hardware, software, peripherals, services, settings, directories, storage, etc. is in accordance with Netcare security standards and project/operational requirements. Develop and maintain information security configurations, guidelines and procedures. Contribute to and maintain system security standards. Research and recommend innovative, and where possible automated approaches for system administration tasks and information security policies and procedures. Identify approaches that leverage our resources and provide economies of scale. Operations and Support Perform daily information security monitoring, reporting and verifying the integrity and availability of business critical resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs within the Information Security portfolio. Perform regular security monitoring to identify any possible intrusions. Provide Tier III/other support per request from various departments and business units. Investigate and troubleshoot information Security incidents and issues. Identify, recover from and report Information security incidents and breaches. Coordinate and communicate with impacted business units and/or departments. Overall management of the security administration team Maintenance Apply and report on security patches and upgrades on a regular basis, and upgrade administrative tools and utilities. Configure / add new services as necessary to adhere to the Netcare Information security standards. Upgrade and configure system software that supports Netcare Information Security based infrastructure or applications as per project or operational needs. Maintain operational, configuration, or other procedures relating to Information security. Perform periodic performance reporting to support capacity planning. Perform ongoing performance tuning, hardware upgrades, and resource optimization as required. Maintain information security standards in line with Netcare policies and industry best practice Relationship Management Interfaces with Information Management Team and IT Technical team to define and create Information Security services and solutions in line with business requirements Interface with 3rd party vendors to ensure operations conform to best practice and industry standards.

3 Technology Innovation and growth Ensure that the required modifications are made to designs, configurations and architecture of existing systems to ensure compliance to information security standards Conduct regular reviews and revisions of the Capacity Plan, in line with the organisation s business planning cycle, identifying current usage and forecast requirements during the period covered by the plan Proactively improving service availability wherever possible, and optimising the availability of the IT Security Infrastructure to deliver cost-effective improvements that deliver tangible benefits to the business. Research knowledge of future demand for IT services and predicts the effects of demand on performance service levels and information security. Provide direction for future capacity requirements based on business plans, usage trends, sizing of new services, Information Security requirements etc... SKILLS PROFILE EDUCATION Microsoft Certified Systems Engineer Certified Information Systems Security Professional (CISSP) Relevant National Diploma and/or B.Degree NQF level 6 Systems Security Certified Practitioner (SSCP) Relevant Fortinet qualification/experience Relevant Trend Micro product qualification/experience Relevant Bluecoat qualification/experience WORK EXPERIENCE Minimum 4-6 years in IT Security administration role KNOWLEDGE Microsoft Active Directory Microsoft Applications and Architecture (SCCM, WSUS) Windows Server Operating Systems Information Security Audit methodology

4 Risk methodology Project management Firewall working knowledge Proxy working knowledge Identity and access governance knowledge and experience Data access governance In depth Malware knowledge Networking Strong presenting and communication skills Strong reporting and analytical abilities Business continuity and Disaster recovery Resource and time management Basic Healthcare and Medical knowledge MANAGERIAL/ SPECIALIST SKILLS Coaching Others* Leading and Managing Change* Performance Development* Taking Action Decision Making Managing Self Customer Focus and Service Delivery The capacity to recognise development areas in others and support them to facilitate personal development through coaching. The capacity to implement and support change initiatives and to provide leadership in times of uncertainty. The ability to evaluate and develop different levels of capacity within a team to achieve set objectives. Capable of recognising the need for action, considering possible risks and taking responsibility for results. Capable of making decisions timeously and taking responsibility for the consequences. Capacity to plan, organise and control own work environment by setting appropriate priorities and achieving set objectives within a given time frame. The capacity to identify and respond to the needs of *internal and external customers. *Internal and external customers include patients, doctors, colleagues,

5 suppliers, visitors, vendors and any other person that requires a relationship Adapting and Responding to Change Continuous Improvement Personal Work Ethic Building Relationships Communication Teamwork Technical Knowledge Capable of supporting and advocating change initiatives and managing own reaction to change. The capacity to improve systems and processes to facilitate continuous improvement. Capacity to instil an ethic of quality and consistency in self and others. Capacity to establish constructive and effective relationships. The capacity to clearly present information, either written or verbal. Capacity to cooperate with others to work towards a common goal. The capacity to perform a technical function to required standards. VALUES AND BEHAVIOURS Netcare Values The Netcare Way At Netcare, our core value is care. We care about the dignity of our patients and all members of the Netcare family. We care about the participation of our people and our partners in everything we do. We care about truth in all our actions. We are passionate about quality care and professional excellence. Care - The basis of our business. The professional, ethical patient care and services we offer at every level of the organisation. Truth - The crucial element in building relationships that work. Open communication with honesty and integrity is essential. Dignity - An acknowledgement of the uniqueness of individuals. A commitment to care with the qualities of respect and understanding. Passion - The creative, passionate and innovative drive to do things better than before. To develop and implement successful healthcare solutions for all. Participation - The willingness and desire to work in productive and creative partnerships with others and the commitment to communicate. Netcare is committed to providing quality care. Our basic service standard holds us accountable for the below seven behaviours which you will be accountable to uphold: I always greet everyone to show my respect. I always wear my name badge to show my identity. I am always well groomed to show my dignity. I always practise proper hand hygiene to show my care.

6 I always seek consent to show my compassion. I always say thank you to show my appreciation. I always embrace diversity to show I am not a racist. NETCARE IS AN EQUAL OPPORTUNITY EMPLOYER APPLICATION PROCESS The Company's approved Employment Equity plan and targets will be considered as part of the recruitment process aligned to the Group s Employment Equity strategy. Netcare actively supports the recruitment of people with disabilities. Interested candidates who meet the above criteria are requested to a detailed CV to Fadeela.Mahomed@netcare.co.za Please note: Please note that reference checks for internal applicants will be conducted with the current and past Netcare direct line managers of the applicant and the relevant Netcare HR Managers. Employees are therefore encouraged to discuss internal job applications with their direct line manager to ensure that the line manager is aware of the application. In the event of a candidate having any disability that may impair the individual s ability to perform the job function, the candidate must kindly inform the employer so that an assessment for reasonable accommodation can be made. By applying for this position and providing us with your CV and other personal information, you are consenting to the information being used for the specific purpose for which it was provided, which is recruitment purposes and possible appointment purposes (should you be successful). Please note that your information will be processed for recruitment purposes only or for such purposes relating to assessing the establishment of an employment relationship with yourself, and this will be done in accordance with the applicable data protection and privacy legislation. We confirm that such information will not be used for any other purpose without obtaining your prior consent. If your application is not successful, we retain your CV and other information provided for a period of 6 months after which it will be destroyed in a secure manner. If you object to your information being used in accordance with the aforementioned clauses, please indicate your objection and we will immediately destroy your personal information in a secure manner.