Purpose of Job

Provide first line (operational) assurance to the Cybersecurity team by verifying that security controls are properly designed and operating effectively across core security domains.The role designs and performs control monitoring, testing, gathers evidence and reports objective outcomes against Sasol’s IT Critical Cybersecurity Controls (CIS v8.1 mapped to NIST CSF 2.0) and related policies/standards enabling timely remediation and demonstrable compliance.This role is positioned within the Sasol cybersecurity team to drive governance, control monitoring and compliance.

Key Accountabilities
Control design assurance:

• Validate control design against internal standards and policies (e.g., AD/Entra ID, PAM, SOC logging, firewall hygiene), raising design gaps and concessions where needed.
• Translate enterprise control objectives (CIS/NIST CSF) into testable control statements and SOPs for first line checks across identity, endpoint, network, data protection, logging/monitoring, and incident response.
• Embed doer–checker separation for high-risk activities; ensure evidence trails meet internal and external assurance expectations.

Operating effectiveness & continuous monitoring:

• Plan and execute control tests (periodic and continuous), collecting Outcome-Driven Metrics (ODMs) for the Cyber Safety Score dashboard.
• Operate configuration/compliance scans and related health checks to detect baseline drift and control exceptions.
• Coordinate detective control coverage checks (e.g., SIEM use-case health, log onboarding completeness) to assure alert efficacy.

Evidence, reporting & governance:

• Maintain auditable evidence packs mapped to each control/safeguard and to the control library.
• Produce clear monthly assurance reports highlighting control status, exceptions, risks, and remediation progress for Cyber leadership and Combined Assurance forums.

Issue/exception handling and risk response:

• Drive remediation tracking with control owners; log and monitor risk responses and concessions per the Cybersecurity Risk Response process.
• Support SOX/ITGC sustainment by aligning first-line checks to key access/change/configuration controls and collating compensating-control evidence where needed.

Stakeholder collaboration (2nd/3rd line):

• Partner with GRC/Compliance (2nd line) and Internal Audit (3rd line) to share first-line results, close findings, and reduce repeat issues via design improvements and SOP updates.

Formal Education

• 3–4 year relevant degree (Information Security / Computer Science / Risk / Audit).

Certifications (one or more advantageous)

• Security Operations / Controls: CompTIA Security+, (ISC)² SSCP, CCSP, CISA,CISSP
• Governance/Standards: ISO/IEC 27001 Lead Implementer/Lead Auditor
• Microsoft Security/IAM: SC-200, SC-300, SC-100, AZ-500
• PAM/IAM: vendor certifications (e.g., CyberArk, Omada)
• SOX compliance certifications

Working Experience

• 6 years in cybersecurity operations or control monitoring/assurance across cybersecurity domains.
• Frameworks/Controls: NIST CSF 2.0; CIS Controls v8.1; ISO/IEC 27001
• IAM & PAM; Network & Perimeter Security; Endpoint/Server Protection
• Security Logging & Monitoring; Incident Response linkage
• Change & Configuration Management; configuration baseline drift detection and evidence capture
• Data Security & Protection; backup/recovery verification