Information Security Operations Specialist

Scope: The Specialist—Information Security Operations is responsible for implementing, maintaining, and enhancing Transguard’s cybersecurity measures to protect critical information assets. This role involves a comprehensive understanding of cybersecurity principles, industry-standard technologies, and frameworks such as ISO 27001, PCI-DSS, NIST, and other best practices. The individual will play a key role in proactively identifying, monitoring, and responding to security threats and incidents, ensuring Transguard’s data and systems are secure against evolving cyber risks.

Financial

• Implement and maintain information security measures, including use cases, to minimize financial losses associated with cyber security breaches and non-compliance penalties
• Track and report on ROI for business continuity investments to ensure long-term value

Customer

• Provide regular updates and reports on security incidents, emerging threats, and mitigation efforts to both internal stakeholders and external clients
• Ensure that incident reports include clear actionable insights, timelines, and resolutions, allowing stakeholders to make informed decisions and maintain business continuity
• Serve as a subject matter expert for IT security incidents within Transguard
• Communicate incident details, response actions, and resolution status to clients, ensuring that their security concerns are addressed promptly and professionally

Process

• Ensure that all IT-related security incidents are thoroughly documented, tracked, and reported using established incident management platforms
• Collaborate with relevant teams to implement corrective actions, track incident resolution, and ensure that root causes are addressed to prevent future occurrences
• Work closely with Security Operations Center (SOC) analysts and engineers to enhance incident detection, monitoring, and response capabilities
• Ensure seamless integration of SOC alerts with internal incident management processes to improve the overall security posture and reduce response times
• Perform monthly reconciliation to ensure that all IT infrastructure and application systems are appropriately integrated with security monitoring tools
• Lead the implementation, configuration, and maintenance of Insider Risk management, File integrity monitoring, CASB and DLP tools to ensure that all sensitive data is identified, classified, and protected from unauthorised access or leakage outside of Transguard’s network
• Monitor and fine-tune FIM, Insider Risk Management, Tenable, CASB and DLP configurations to adapt to evolving organisational needs, cloud service usage, and emerging security threats
• Ensure real-time protection of cloud-based applications, endpoints, and data storage locations to prevent data exfiltration, loss, or unauthorized sharing, in compliance with Transguard’s security policies
• Continuously update CASB and DLP policies as new technologies and tools are adopted, ensuring they provide comprehensive coverage of all endpoints, cloud services, and data storage
• Work closely with all relevant stakeholders to ensure that all sensitive data within Transguard is properly identified and mapped according to Transguard’s sensitive information types (e.g., PII, financial data, intellectual property)
• Collaborate on developing and refining data classification frameworks and ensure that DLP policies align with these classifications to effectively protect Transguard’s most critical assets
• Collaborate with IT teams to ensure that any changes to the IT environment are effectively monitored for security events
• Conduct monthly vulnerability assessments to identify and evaluate potential cyber threats in the IT systems
• Ensure that new changes to IT systems or applications (including updates, patches, and configurations) are scanned for vulnerabilities and threats, ensuring compliance with security best practices
• Regularly monitor SOC KPIs, including Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), to ensure that security incidents are detected and remediated within agreed-upon timeframes
• Work with the SOC provider to ensure that service level agreements (SLAs) are met and take proactive action when KPIs are at risk of being breached.
• Track the performance of the SOC monthly to ensure that services are delivered as per contractual obligations and escalate any issues for timely resolution
• Monitor security events and alerts from multiple sources, including SIEM systems, intrusion detection systems (IDS), and UEBA platforms, to ensure timely detection of potential security incidents
• Continuously analyze incoming data from SIEM and other tools to identify anomalies, indicators of compromise (IOCs), and other patterns that may indicate a threat
• Regularly analyze security logs and data from systems, applications, and security tools to detect unusual activities, security breaches, or indicators of compromise (IOCs)
• Conduct deep dives into identified potential security incidents to determine their severity and escalate for further investigation or remediation as necessary
• Continuously monitor the Information Security dashboard to ensure that internal KPIs (e.g., incident response times, system vulnerabilities, security event resolution) are being met
• Take necessary actions to ensure compliance with internal security requirements and improve performance in areas where KPIs are not being met, ensuring the organization remains secure and compliant

Innovation

• Continuously monitor and evaluate the effectiveness of IT governance, risk management, and compliance programs, and recommend changes or improvements as needed

Selection Criteria

Experience and educational requirements:

• Minimum of 5 years of experience in cybersecurity, PCI-DSS, and information security
• Bachelor’s degree in computer science, information technology, cyber security, or a related field

Technical Skills:

• Relevant certifications are Mandatory (MCITP or similar), CEH and Certified SOC Analyst
• Relevant certifications are preferable: CISSP
• Expertise in risk assessment methodologies
• Strong knowledge of technical cyber security technologies such as encryption, SIEM, Microsoft tools – Information Labeling, data loss prevention (DLP), Insider Risk Management, File Integrity Monitoring (FIM), Tenable and vulnerability management and CASB (cloud access security broker)
• Familiarity with industry-standard frameworks and standards related to data protection, such as PCI-DSS, ISO 27001 or NIST (National Institute of Standards and Technology)

Soft Skills:

• Excellent communication and relationship-building skills
• Strong analytical and problem-solving skills to assess risks, identify vulnerabilities, and develop effective mitigation strategies
• Strong strategic thinking and planning skills
• Ability to work independently and as part of a team, managing multiple priorities and deadlines effectively
• Continuous learning mindset to stay updated on evolving data protection regulations, technologies, and best practices.