Our client in the financial security market is looking for a Head of Information Security who will be responsible for setting the strategic direction to lead the protection of technology and data from threats and other whilst observing regulatory and compliance standards.
Set the Technology Strategy & Innovation for your area of responsibility
Create and drive a strategy for the development, deployment, maintenance and monitoring of information security technologies and program enhancements including strategic integration of partnerships e.g., Joint Ventures, Mergers and Acquisitions
Provide Stratco and Group Risk committees a view on overall cyber security readiness of CLIENT’S and what measures need to be implemented to enhance the current level of security practices and awareness
Responsible to confirm that the Information Systems disaster recovery plans meet the minimum information security standards
Prioritise and allocate cyber security resources in alignment with the overall CLIENT’S strategy
Create and execute cyber security strategies to improve the reliability and security of projects.
Accountable for the data protection of the organisation in compliance with regulatory requirements
Oversee the creation of a framework and program that oversees data protection across the organisation through the enforcement of the policy through business area Deputy Information Officers
Validate the effectiveness of vendor relationships and performance and recommend the appointments of new vendors in conjunction with Procurement in alignment with the IT strategy when required
Lead Analysis and Planning Activities
Responsible to analyse the CLIENT’S technology landscape and craft blueprint/framework that addresses current vulnerabilities/gaps and future demands
Monitor security vulnerabilities, threats and events across network and host systems and prioritize plans of action according to severity of risk and provide an assessment to the CTO of the impact to the organisation with a plan to remediate
Anticipate new security threats and stay up to date with evolving infrastructures
Collaborate with key stakeholders to integrate IT systems development with security policies and information protection strategies
Research current and latest Technology Security methodology and tools (nationally & internationally) in order to:
Assess, test and select new security products and technologies
Prepare cost estimates and identify integration issues
Propose changes or enhancements to the correct forum (project portfolio board, Stratco etc.) in order to obtain approvals to implement
Set the Design for your Area of Responsibility
Collaborate with key stakeholders to establish a robust IT security risk management program, which is not limited to this one component but will be agile in design.
Responsible to provide assurance that all corporate governance is in place with allocated partners/vendors before any work commences
Adherence to legal and regulatory frameworks, including the Regulation on Interception of Communications Act, the Protection of Personal Information Act and international privacy laws
Supervise development/ review of and oversee compliance with corporate security policies, standards, and procedures
Provide expert guidance and consultancy on the development of local, system-specific, and application-specific information security policies, guidelines, standards, procedures, and responsibility designations
Devise imaginative solutions within our area of responsibility to protect and add value to the cash ecosystem and CLIENT’S.
Lead Implementation and Execution Activities
Establish a cyber forensics investigations program that will be embedded as practice and conducted through internal and external teams.
Responsible to provide feedback to the CTO and Group Risk in the event of a breach with recommended corrective measures.
Responsible to maintain and update the Information Governance Toolkit and other measures of Information Security as required
Spearhead education programs, in collaboration with Organisational Development, focused on user awareness and security compliance and institute enterprise-wide training in security awareness, protocols, and procedures
Coordinate external information security inspections, tests and reviews and oversee an in-house security team and consultants where applicable
Develop strategies to manage security incidents, coordinate investigative activities and test the effectiveness post deployment
Function as a focal point for IT security investigations and direct a full investigation with recommended courses of action
Review and provide authorization on recommendations received in relation to the procurement process and/or any investigative/exploratory venture requests
Lead Risk & Quality Management
Responsible to create a cyber risk conscious culture that understands the integral role each employee plays in successfully protecting CLIENT’S
Strive to deliver a zero-audit finding year on year
Deliver clean vulnerability assessments on CLIENT’S Technology resources through constant health checks, forensic investigations and mitigation procedures
Take ownership of the internal Control and Audit strategy and execution of existing systems and provide comprehensive risk assessments to CTO and Group Risk
Oversee and where need be respond immediately to security-related incidents and provide a thorough post-event analysis
Quantify risks according to potential revenue loss through security incidents
Manage Technology related insurance (including Cyber insurance costs)
Review and seek to improve on the internal and external Business Continuity Management plans including running tests to ensure effectiveness
Collaborate with CLIENT’S and external stakeholders to validate and review disaster recovery plans that will have minimal impact on the cash ecosystem in terms of service delivery
Financial Management
Review and present financial forecasts for cyber security operations and proper maintenance cover for cyber security assets
Collaborate and Consult with Key Stakeholders to manage the strategic alignment within CLIENT’S Cyber Security
Manage a departmental budget, reporting on monthly expenditure and updating forecasts accordingly
Provide input into the departmental budget on an annual cycle
People Management
Establish, embed, and maintain information security standards, including continuous improvement of working processes, effective use of organization-wide approaches to goal setting, personal development planning, and motivation for a high performing team
Continuously exploring ways of improving the team’s toolkit and output and a proactive mindset
Create an environment conducive to cross-functional skills transfer.
Creates a conducive environment which translates into productivity and high morale within CLIENT’S delivering on key performance areas
Lead and manage the Talent Management Process within one’s department
Lead and manage the end-to-end performance management process of employees
Adhere to legislative requirements, company policies and procedures in respect of employment Health and safety practices
Manage overtime / illegal overtime of one’s department through proper planning and staff rotation inclusive of driving the time and attendance system within one’s department
Draft and execute training plans in conjunction with the Organisational Development team
Create and implement strategies in collaboration with Change Management & HR to evaluate and maintain employee satisfaction
Drive Transformation and BBB-EE initiatives to ensure sustainable alignment to the company scorecard
Act as a change management architect in periods of change to ensure continuity
Facilitate the necessary presentations, workshops or forums to ensure consistent and accurate communication is given across one’s department
Drive the organisation culture within one’s centre
Drive the department’s values while inspiring confidence and generating excitement, enthusiasm and commitment towards the mission.
Serve as a leader of the culture program driving the desired behaviours and encouraging employee engagement
Provide leadership to employees within the organisation, creating a winning culture and high morale
Lead as an Ambassador and executor of Change
Act as a change management architect in periods of change to ensure continuity to operations
Effectively communicate and embed new processes and procedures as they occur addressing or escalating matters / concerns to the SME’s (subject matter experts) when required
Facilitate the necessary presentations, workshops or forums to ensure consistent and accurate communication is given across one’s centre/s
Requirements
8 years’ working in Cyber Security of which:
5 years have been managing security operations and teams.
3 years have been managing IT Security supplier performance
Expert knowledge of Information Security tools and techniques, IT Governance standards and methodologies, Information Security legislation and regulations and software development lifecycle.
In-depth knowledge on countermeasures against potential risks.
Technical knowledge of IT systems, databases, data warehouse, ETL tools and data modelling
Experience in IT Security methodology
Minimum Requirements: Education
A bachelor’s degree in computer science, programming, or a related field
One or more of the below certifications would be advantageous:
CISSP: Certified Information Systems Security Professional
CISA: Certified Information Systems Auditor
CISM: Certified Information Security Manager
Desired Skills:
- INFORMATION
- SECURITY
- OFFICER