Specialist: IT Security - South African Revenue Service

SARS is looking for a Specialist: IT Security, in the User Access Management domain to support the provision of identification, authentication and authorisation services for the IBM Mainframe RACF systems.

Job Purpose

To provide identification, authentication, and authorization services to SARS users as directed within the existing information security policies and contracted SLA's. The specific role includes the creation of RACF profiles, which facilitate access to the mainframe applications. The role entails the effective design and implementation of security on SARS' Mainframe systems.

This is mainly in the realm of Mainframe user account administration and lifecycle management using IBM’s Resource Access Control Facility (RACF), also known as the z/OS Security Server.

Job Outputs:

Process

• Configuration, administration, of the IAM infrastructure (IBM RACF (Vanguard), SAP (GRC), in area of responsibility according to set standards to ensure 24X7 operations.
• Provisioning of end-to-end user and administrative account identification services by the creation, termination suspension and re-activation of user access accounts across multiple access control technologies (SAP, Mainframe).
• Provisioning of end-to-end user and administrative account authentication services by supporting user password creation, resets and password-self-service technologies across multiple access control technologies (SAP, Mainframe).
• Giving input to risk management principles through risk assessments, risk mitigation proposals, and inputs on various forums including but not limited to change/release management processes, projects, governance initiatives, audit requirements, vulnerability assessments and other processes.
• To design and develop reports that will provide visibility to line managers in order to manage any risks within their respective areas relating to fraud, prevention of fraud and access to information.
• To provide input to current/new IT Security strategies, architectures, policies, standard, procedures, SOPs, user training material and guides or other organisational policies which influences IT security to align with business and audit requirements relating to the prevention of fraud or access to information.
• To report on performance of team, status updates on outstanding tasks, escalation of high impact risks.
• Develop and maintain productive working relationships with peers, SARS role players and third parties to achieve predefined objectives.
• Execute specialist input through investigation &opportunities within the product process including risk concern.
• Provide specialist input through the investigation of opportunities for operational and process product and risk optimisation.
• Correctly apply policies, practices, standards, procedures and legislation in the delivery of work outputs.
• Draw on own knowledge and experience to diagnose symptoms, causes and possible effects to solve emerging problems.
• Initiate process and procedural change, also implement the change and provide guidelines and support related to new requirements as a result of the change.

Governance

• Ensure that completed work adhere to relevant policies, procedures, governance and legislative requirements and report on deviations & discrepancies.
• Implement and provide input into the development of governance, compliance, integrity and ethics processes within area of specialisation.
• Provisioning of user statistics, monthly, quarterly, and annual reports on the Mainframe RACF systems.
• Implement or initiate the resolution of negative audit findings reported by internal or external auditors in area of responsibility.

People

• Develop and maintain productive working relationships with peers and team members to achieve predefined objectives.
• Search for, integrate and share new knowledge attained through formal and informal learning opportunities in the execution of your job.
• Provide specialist know-how, support, advice, and practice thought leadership in area of expertise.

Finance

• Adhere to organisational policies and procedures to ensure cost effectiveness and reduction of financial costs.
• Implement and monitor financial control, management of costs and corporate governance in area of specialisation.

Client

• Develop & ensure implementation of a practice that builds service delivery excellence & encourage others to provide exceptional stakeholder service.
• Contribute to a culture of service excellence, which builds positive relationships and provides opportunity for feedback and exceptional service.
• Provide authoritative, specialist services, expertise and advice to internal and external stakeholders.

Education and Experience

Minimum Qualification & Experience Required

Bachelor's Degree in Information Technology / Advanced Diploma Information Technology (NQF 7) AND 5-7 years' experience in Information Security , of which 2-3 years ideally at functional specialist level.

ALTERNATIVE #

Senior Certificate (NQF 4) AND 10 years' Information Security experience.

# The alternative qualifications and experience refer to internal minimum requirements

Behavioural competencies

• Accountability (V)
• Analytical Thinking  
• Conceptual Ability 
• Organisational Awareness 
• Respect
• Problem Solving and Analysis
• Honesty and Integrity (V)
• Customer Service
• Attention to Detail
• Commitment to Continuous Learning
• Building Sustainability

Technical competencies

• System Thinking
• Computer Literacy
• Functional Policies and Procedures
• Business IT Systems
•  IT Strategy and Planning
• Reporting
• Information Security Management
• Business Knowledge
• Efficiency improvement

Compliance Competency

• GOC Confidential