Profession:
Security Analyst resides in Security & Risk Management and part of the Information Technology Specialist profession within the Integrated Technology Delivery.
Position Summary
Security Analyst has the responsibility of an administrator ‘to utilise the tools available within the security system to ensure compliance with policies and procedures designed for the delivery of Security Services to Clients. In addition, an analyst mentors and assists the Security Administrator to analyse and improve the tools and tasks within the security environment.
Responsibilities
Process execution
• In addition to daily operational activities this position will advise and work in conjunction with project implementation groups to ensure smooth integration of new systems into existing infrastructure.
o Problem management. (24 X 7 Support)
o Compliance to appropriate standards.
o Project planning and management for multiple projects.
o Ensuring that manufacture software update releases and security vulnerability notifications are implemented.
o Ensuring that Change records and Problem records are closed within agreed time frames.
o Identify areas of opportunity where services can be improved to the customer or delivery costs can be reduced.
o Any additional activities as directed by the Security Manager.
o Privilege revalidation experience.
Technical knowledge
• This is a technical position as such requires the employee to demonstrate the following;
o Technical understanding of Unix security infrastructure practices.
o Advanced Unix technical skills including scripting
o TCP-IP based networking experience.
Business compliance
• The employee will carry out and ensure compliance with;
o Current IBM security policies (ITSC204, ITSC300).
o Current IBMGS customer specific security policies including GSD331 & GSD332.
o Current customer account specific security policies.
o Defined deliverables as part of IBM projects, both internal to IBM and customer centric projects.
o Relevant national and international security standards and best practices.
Relationships, skills & judgement
• In this role there may be a requirement to work as a Team Leader and therefore the employee must be proficient at;
o Working alone with minimal supervision.
o Working as part of a team in the capacity as team lead.
o Clearly communicating concepts, ideas and objectives to peers and managers.
o Manage the implementation of tactical solutions in short time frames to meet customer demands.
o Provide advice to peers on security concepts and applications within the Network security environment.
o Providing advice as required to customers in line with current Network Security guidelines and accepted IBM policy and procedure.
o Collaborate with other IBM areas where possible to leverage organisational knowledge.
o Resolve issues to the benefit of all parties where possible.
o Take responsibility for their actions.
Authority
The employee is authorised to;
• Direct staff as required to ensure delivery of security services to the contracted level.
• Advise peers, IBM senior staff, IBM executives and the customer in order to make decisions necessary to ensure that the security of the customers environment maintains intact.
• Take action as necessary to stop any immediate threat to the security of the customers IT infrastructure from both internal and external sources.
• Escalate issues to the Manager as required.
• Act with authority as delegated by the Manager
Skills
Skills Description
Skill Level 0 - 5
Mandatory Security Software Knowledge on Unix 3
Written and verbal communications skills to deal effectively with customer business and technical people, and IBM staff across various skill sets 3
Consulting, problem solving, issue management 4
Information security concepts 4
Scripting 4
Preferred IBM business infrastructure knowledge 3