The Role: Essential Functions:
- Develop and implement a strategic, long-term information security strategy to ensure that the company's information resources are adequately protected.
- Lead the development of comprehensive information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance.
- Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements.
- Lead efforts to monitor and maintain compliance with PCI, GDPR, POPIA and other applicable laws and regulations.
- Work to strike an optimal balance between the necessity for business with the need for security, safety and data privacy in all aspects of Group IT operations.
- Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees, and provide subject matter expertise on security standards and best practices.
- Work with senior leaders across the business to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels.
- Act as the champion for the enterprise information security program and foster a security-aware culture through creative and effective efforts towards ongoing Security Awareness Training & Education (SATE).
- Develop, mentor, lead, and manage a high-performing cross-functional team of information security, risk, and compliance professionals.
- Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy.
- Supervise all aspects of security operations for the daily defence of the Group, including monitoring, detection, investigation, and response to attacks, vulnerabilities, and emergent threats.
- Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
- Partner with enterprise architects, infrastructure engineers, and application development teams to ensure that Group IT and the Company's technologies are developed and maintained according to security policies, frameworks, and guidelines.
- Supervise efforts to satisfy regulatory requirements, including execution of internal and external IT audit activities and implementation of remediation actions.
- Develop business-focused metrics to measure the effectiveness of the information security program, and work to increase the maturity of the program over time.
- Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate postures in response to the changing threat landscape.
- Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
- Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.
- Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk.
Skills and Experience: Essential qualification:
- University Degree
Experience Required:
- General IT Management – 2-5 Years
- General Cybersecurity Management – 5-10 Years
- General Cybersecurity Practitioner / Engineer – 5-10 Years
- Project Management – 1-2 Years
Knowledge required:
- ISO 27001, Essential
- Security Qualifications (CISMP, CISSP, CIRC, CISA) Essential
- Architecture & Security Process Analysis Essential
- MS365 Security Capabilities Desirable
- Mimecast Desirable
- SIEM Management Desirable
- Vulnerability Management Desirable
- Endpoint Security Management Desirable
- Firewall Management Desirable
- POPIA/GDPR Knowledge Essential
- Security Incident Response Management
Personality and Attributes:
Strategic Conceptualizing Skills:
- Forward thinker;
- Works strategically to realise organisational security goals;
- Takes into account a wide range of challenges across, and related to, the organisation.
Planning and Organising Skills:
- Plans activities well in advance and takes account of possible changing circumstances;
- Manages time effectively;
- Identifies and organises resources needed to accomplish tasks;
- Monitors performance against deadlines and milestones.
Communication: Verbal and written:
- Avoids the unnecessary use of jargon or complicated language;
- Writes in a well-structured and logical way;
- Structures information to meet the needs and understanding of the intended audience.
Innovation Skills:
- Brings fresh thinking to the organisation;
- Seeks opportunities for organisational improvement.
Change Management Skills:
- Adapts to changing circumstances;
- Accepts new ideas and change initiatives;
- Deals with ambiguity, making positive use of the opportunities it presents.
Research Skills:
- Gathers comprehensive information to support decision making;
- Encourages an organisational learning approach (i.e. learns from successes & failures and seeks staff & customer feedback);
- Manages knowledge (collects, catalogues, and disseminates knowledge of use to the business).
Relationship and Networking Skills:
- Easily establishes good relationships with clients and staff;
- Relates well to people of all levels;
- Builds wide and effective networks of contacts.
Results Driven:
- Monitors quality and productivity;
- Works in a systematic, methodical and orderly way;
- Consistently achieves project goals.
Attributes essential to raising the bar: Essential:
- Developing strategic partnerships with the internal ICT customer-facing businesses in Security and Cyber Security products / services / solutions
- Being exponential in nature
- Innovative and strategic leadership
- Collaborative
- Impact and influence