The Information Security Officer (ISO) develops programs and frameworks in line with the ICT strategy to protect Company’s computer network and data from various forms of security breaches.
To oversee information governance and security to ensure that appropriate controls are in place, data is secure and processed safely.
As the center of competence for information security, the ISO provides advice and acts as the focal point for security compliance-related activities and responsibilities.
Information security and governance
Identify vulnerabilities in the network in order to develop, implement and monitor a strategic, comprehensive enterprise information security, risk and governance program to ensure that information assets are adequately protected.
Develop and enhance information security management framework/s aligned to the comprehensive program and ICT strategy.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Provide input into ICT planning by providing current knowledge and future vision of security and governance related to technology and systems to ensure adequate and appropriate consideration during planning.
Data protection
Create and institute measures to safeguard sensitive information and data within the computer network from various forms of security breaches by continuously researching, developing, implementing, testing and reviewing information security in order to protect information and prevent unauthorized access.
Identify, assess, and accurately report security risks to partner with business stakeholders across the company to raise awareness of risk management concerns.
Work closely with business units to facilitate risk assessment and risk management processes and inform users about security measures, potential threats, and mitigation measures to keep users up to date.
Effect role as center of competence to the enterprise’s information security organization by educating colleagues about security software and best practices for information security.
Network security
Monitor networks to ensure local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines, and standards.
Install software, implement security measures, monitor networks and document any security breaches.
Assess damage related to security breaches to ensure corrective action can be implemented so that continued security and governance standards can be maintained.
Keep abreast of rapidly changing needs around security threats to mitigate security breaches and cyber-attacks to ensure any suitable updates are recommended.
Minimum qualifications and experience:
BSc/BA in Computer Science or Information Security or BCom Informatics.
A certification in information security such as a CISA certification.
Information Security Risk and Security governance certification or course such as CISSP, CISM or related certification.
At least 3 to 5 years’ previous information security and governance related work experience.
Monitoring of firewalls and network tools
POPI compliance knowledge regarding information security
Preferred qualification and experience:
Honours Degree would be an advantage
Experience working with Mimecast
Working exposure to Cyber Security
Skills, competencies, and attributes:
Excellent knowledge of common information security management frameworks, such as ISO/IEC27001 and NIST.
Excellent knowledge of best practices to prevent a wide range of security threats.
consideration during planning.
Experience with MS Windows and Microsoft product suite
About The Employer:
Company is an NGO that empowers people and changes lives. Good health and quality of life is what motivates us to provide healthcare solutions and support for those who need it most.