Experience & Qualifications:
- The position requires an incumbent holding, at minimum, a CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager); a CISA (Certified Information Systems Auditor) would be advantageous
- The incumbent will be required to have a minimum of 4 years’ experience in a similar role
- Experience providing input into, managing and implementing the company's Information and Cyber Security plan
- Excellent understanding of the ISO 27001/27002, NIST and SCF information security standards and their implementation
- Experience administering an information security programme is desirable
Duties and Responsibilities:
- Maintain ISMS policies, processes and procedures to protect the company's data in a manner that is compliant with legislation, regulations and professional standards
- Schedule and document all ISG meetings (e.g. agenda, minutes, actions)
- Coordinate the production of all relevant reports and statistical analysis required for ISMS SteerCo / Management Review meetings
- Maintain and update the content of the ISMS action logs (e.g. Security Incident Log, Security Corrective and Preventative Action Logs, Documentation Reviews)
- Ensure that the IAG and CSIRT processes are functioning effectively
- Initiate information security awareness and training initiatives among the company users
- Provide SME skills and mentorship to the operational security team as well as collaboration with infrastructure teams
- Interface and coordinate with the IT Governance and Risk Manager
- Perform on-going information security risk assessments and internal audits to ensure systems are protected
- Manage the relationship with 3rd party vendors to improve and maintain security within the organization
- Lead the incident response team to contain, investigate and prevent potential computer security breaches
- Implement the defined Security Awareness and Training Campaigns
- Assist the security operations team with BAU activities as and when required
- Support Projects that require a security oversight, consultative input and research
- Ensure that Security Compliance aligns with strategic objectives and compliance requirements
- Identify key security risks to Project Governance by providing a documented risk assessment
- Ensure security risks are monitored and managed throughout the project lifecycle
- Provide input into the Security Reference Architecture; conduct research, development and proof-of-value testing of current and emerging security solutions
- Provide input into the IT Service Continuity requirements and cyber scenario simulation testing
Skills and Competencies:
- IT and Systems Skills and Knowledge: a broad technical knowledge of information systems, security, infrastructure and networking solutions
- Analytical Skills: excellent problem-solving skills (ability to resolve complex problems)
- The ability to provide innovative solutions
- Ability to weigh business risk in deciding which relevant and appropriate security measures to apply
- Personal Skills and Abilities: strong collaboration and stakeholder engagement skills
- Meticulous attention to detail
- Ability to work under pressure to strict deadlines
- Trustworthiness: protecting the security of the company by recognising potential issues
- Understanding of the role, and ability to deal with possible conflicts of interest within the division and with customers
- Ability to work towards team and individual targets
- Building and maintaining effective working relationships, both internal and external
- Excellent time management skills
- Excellent written and verbal communication skills
- Ability to work independently as well as part of a team
- Ability to handle diverse activities
- Ability to understand new systems quickly
- Project management ability is recommended