ENVIRONMENT:
Your strong project management background, understanding of software development processes and comprehensive knowledge of information security best practices, specifically for cloud-hosted services, are sought by a dynamic Software Service Delivery Provider to fill the critical role of Information Security Manager. You will be responsible for monitoring, investigating and responding to security incidents, and for providing guidance and training to employees on Information Security protocols and processes. Applicants will require a Bachelor's or Master's Degree in Computer Science, Information Security or the equivalent in a related field, a CISSP, CISM or other relevant certification, and 6+ years' work experience in a similar role. They must also be familiar with privacy regulations such as GDPR and CCPA and have solid knowledge of data security best practices, industry standards and frameworks, including ISO 27001 and SOC 2.
DUTIES:
- Develop and maintain a comprehensive ISP that aligns with industry best practices and regulatory requirements.
- Establish and maintain information security policies, procedures, and guidelines to ensure the confidentiality, integrity, and availability of data.
- Conduct regular risk assessments to identify and evaluate potential security risks and vulnerabilities in software development processes, systems, and infrastructure.
- Conduct and administer a company-wide gap analysis, assessing industry standards and policies against the current state of their implementation.
- Project-manage InfoSec projects, including drafting and delivering responses to customer requests and questionnaires related to information and data security.
- Lead efforts to achieve and maintain certifications, such as ISO 27001 and SOC 2, ensuring compliance with the respective standards.
- Implement and manage security controls, including firewalls, intrusion detection systems, data encryption, access controls and identity and access management systems.
- Stay up to date with emerging security threats, vulnerabilities, and technologies, and provide recommendations for improving the company’s security posture.
- Collaborate with cross-functional teams to define and implement security policies, procedures, and guidelines.
- As Data Protection Officer (DPO), manage security incidents and coordinate incident response activities, including investigation, containment and recovery.
- Conduct regular security awareness training for employees to promote a culture of security awareness and compliance.
- Oversee the implementation and monitoring of security controls for cloud services, ensuring adherence to best practices and industry standards.
- Establish and maintain relationships with external vendors, auditors, and regulatory bodies to ensure compliance with relevant regulations and standards.
- Prepare and present comprehensive reports to senior management on the state of Information Security, including risk assessments, incident trends, and remediation progress.
- Act as the Data Protection Officer (DPO), managing critical escalations as part of the response procedures during an information or data breach incident.
Key Initial Responsibilities:
The Information Security Manager’s initial focus areas will include:
- Initial fact-finding, investigation and assessment:
  - Perform a gap analysis to determine the current state of compliance as measured against industry-standard information security best practices.
  - Evaluate and prioritise critical areas of non-compliance.
  - Document, plan and gain approval for the remediation of issues identified.
- ISO 27001 (or equivalent) certification:
  - Engage consultants and lead the certification process.
  - Review the outcome and develop a remediation plan to ensure certification standards are met.
  - Own the implementation of the approved remediation plan.
  - Secure certification.
- Reporting:
  - Develop reporting capabilities that clearly articulate the information and data security status, incorporating a Central Risk Register.
- Customer Information Security questionnaires:
  - Own all customer questionnaires, including acceptance, drafting, review, cross-team collaboration and the final response.
REQUIREMENTS:
Qualifications –
- Bachelor’s or Master’s Degree in Computer Science, Information Security, or the equivalent in a related field.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant certifications.
Experience/Skills –
- 6+ years of experience in Information Security management, preferably within a software development environment.
- Proven success in a similar role.
- Proficient knowledge of data security best practices, industry standards, and frameworks (e.g., ISO 27001, SOC 2).
- A strong customer centric and pragmatic approach.
- A strong commercial approach and the ability to budget and track both costs and benefits.
- Experience working collaboratively with executives and teams in a matrix style environment, with the ability to influence, lead and guide executives and teams on information and data security related topics.
- Strong leadership abilities, with a track record of driving change and building a culture of security awareness.
- Familiarity with Privacy regulations (e.g., GDPR, CCPA) and experience in ensuring compliance.
- Strong project and program management skills, with a proven ability to deliver complex programs spanning cross-functional teams within a distributed workforce.
- Experience managing programs for certification with ISO 27001 or SOC 2.
- Strong understanding of software development processes and of processes across the wider business, including a good understanding of the technical and operational measures required to ensure compliance (secure coding practices, secure SDLC concepts, access control, etc.) and of what implementing them requires.
- Familiarity with cloud security architecture and best practices for securing cloud services.
- Comprehensive understanding of security controls, such as firewalls, intrusion detection systems, data encryption, access controls, and identity management.
- Proven experience in risk assessment, vulnerability management, and incident response.
- Strong administrative skills with the proven ability to develop and maintain policies, guides, training material and documentation related to information and data security practices within the environment.
ATTRIBUTES:
- Results-driven with high energy and persistence.
- A competent and confident global player, respected at all levels within the organisation, whose personal integrity and effectiveness are beyond question.
- Highly competent, self-motivated, responsible and able to work under pressure and flexible hours to fit in with the international structure of the organisation.
- Exceptional communication skills (written and verbal), proven leadership capabilities, sound decision making skills, excellent analytical and problem-solving skills, with a focus on understanding the root cause of an issue.
While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.
COMMENTS:
When applying for jobs, ensure that you meet the minimum job requirements. Only SA citizens will be considered for this role. If you are not in the location mentioned for a job, please note your relocation plans in all applications and correspondence. Apply here [URL Removed] or e-mail a Word copy of your CV to [Email Address Removed], mentioning the reference number of the job.
Desired Skills:
- Information Security Manager