JHB - Central, Gauteng, South Africa
15 days ago
Head: Information Security
In order to be considered the following is required:
- A bachelor’s degree in computer science, programming, or a related field
- One or more of the below certifications would be advantageous:
  - CISSP: Certified Information Systems Security Professional
  - CISA: Certified Information Systems Auditor
  - CISM: Certified Information Security Manager
- 5 years senior management experience delivering and securing high risk operations
- 8 years’ working in Cyber Security of which: 5 years managing security operations and teams and 3 years managing IT Security supplier performance
- Expert knowledge of Information Security tools and techniques, IT Governance standards and methodologies, Information Security legislation and regulations and software development lifecycle
- In-depth knowledge on countermeasures against potential risks
- Technical knowledge of IT systems, databases, data warehouse, ETL tools and data modelling
- Experience in IT Security methodology

Responsibilities:

Set the Technology Strategy & Innovation for your area of responsibility:
- Formulate and execute a robust strategy for the development, deployment, maintenance and monitoring of information security technologies and program enhancements including strategic integration of partnerships e.g. Joint Ventures, Mergers and Acquisitions
- Provide Executive and Group Risk committees a view on overall cyber security readiness of the business, inclusive of measures needed to be implemented to enhance the current levels of security practices and awareness
- Responsible for ensuring the disaster recovery strategy meets or exceeds information security standards and is regularly tested to maintain organisational readiness
- Prioritise and allocate cyber security resources efficiently in alignment with organisational priorities and strategic objectives
- Accountable for the data protection of the organisation in compliance with regulatory requirements
- Own and execute the creation of a framework and program that oversees data protection across the organisation through the enforcement of the policy through business area Deputy Information Officers
- Accountable for compliance with all relevant data privacy regulations, including the Protection of Personal Information Act (POPIA)

Lead Analysis and Planning Activities:
- Head up the analysis of the technology landscape and crafting of blueprint/frameworks that address current and future vulnerabilities / gaps
- Lead the monitoring of security vulnerabilities, threats and events across network and host systems and prioritise plans of action according to severity of risk and provide an assessment to the CTO of the impact to the organisation with a plan to remediate
- Stay current with evolving security landscapes, continuously identifying potential threats and integrating preventive measures
- Collaborate with key stakeholders to integrate IT systems development with security policies and information protection strategies
- Validate the effectiveness of vendor relationships and performance and recommend the appointments of new vendors in conjunction with Procurement in alignment with the IT strategy when required
- Conduct in-depth research on emerging security methodologies and tools to maintain an adaptive security posture and propose enhancements to secure the business’ infrastructure

Security Design & Risk Management:
- Establish a comprehensive risk management program that includes security audits, policy reviews and compliance with relevant regulatory frameworks
- Lead the development and enforcement of corporate security policies, standards and procedures, ensuring adherence across the organization
- Ensure organisational compliance with the Regulation on Interception of Communications Act, POPIA and relevant international privacy laws
- Devise innovative solutions within the security domain to protect the business’ cash ecosystem, enhancing operational security and efficiency
- Collaborate with key stakeholders to establish a robust IT security risk management program, which is not limited to this one component but will be agile in design
- Provide expert guidance and consultancy on the development of local, system-specific and application-specific information security policies, guidelines, standards, procedures, and responsibility designations

Lead Implementation and Execution Activities:
- Develop and embed a cyber forensics investigation program to address security incidents and implement best practices in incident management
- Responsible for the maintenance and updating of the Information Governance Toolkit and other measures of information security as required
- Lead the response to security incidents, ensuring thorough investigations and prompt remediation with clear communication to key stakeholders
- Spearhead education programs, in collaboration with organisational development, focused on user awareness and security compliance and institute enterprise-wide training in security awareness, protocols and procedures
- Coordinate external information security inspections / audits, tests and reviews and oversee an in-house security team and consultants where applicable
- Develop strategies to manage security incidents, coordinate investigative activities and test the effectiveness post deployment

Stakeholder & Vendor Management:
- Develop a vendor management framework to oversee vendor performance, validate relationships, and ensure contractual alignment with the business’ security strategy
- Engage with internal and external stakeholders, communicating the value of cybersecurity investments and fostering a collaborative approach to risk management
- Create and maintain partnerships with industry leaders to enhance the business’ security posture and access cutting-edge security resources and insights
- Collaborate and consult with key stakeholders to manage the strategic alignment within the business cyber security

Lead Risk & Quality Management:
- Develop and deliver an audit strategy that ensures minimal findings (Striving to deliver zero audit findings), reinforcing business’ commitment to security excellence and regulatory compliance
- Identify and implement improvements from audit findings, ensuring a culture of proactive risk management and audit readiness
- Regularly report on security metrics to senior management, illustrating progress, areas for improvement and the impact of security initiatives
- Quantify security risks in terms of potential revenue and reputational impact, helping to prioritise mitigation efforts based on business risk
- Deliver clean vulnerability assessments on business technology resources through constant health checks, forensic investigations and mitigation procedures
- Manage technology related insurance including cyber insurance costs
- Review and seek to improve on the internal and external business continuity management plans including running tests to ensure effectiveness
- Collaborate with the business and external stakeholders to validate and review disaster recovery plans that will have minimal impact on the cash ecosystem service delivery

Financial Management:
- Plan and oversee the technology security budget, forecasting accurately and ensuring alignment with the business’ financial priorities
- Oversee cyber insurance policies, ensuring adequate coverage for potential incidents and periodic review of policy terms
- Manage a departmental budget, reporting on monthly expenditure and updating forecasts accordingly
- Regularly assess the cost-effectiveness of security expenditures, optimizing spending on technology, training, and vendor partnerships

People Management:
- Establish, embed and maintain information security standards, including continuous improvement of working processes, effective use of organization-wide approaches to goal setting, personal development planning, and motivation for a high performing team
- Responsible for creating a cyber risk conscious culture that understands the integral role each employee plays in successfully protecting the business
- Identify and develop future leaders within the team, ensuring a pipeline of talent aligned with the business’ strategic goals
- Encourage cross-functional skills transfer to build a versatile and resilient security team capable of responding to various threats
- Create a conducive environment which translates into productivity and high morale within the business delivering on key performance areas
- Lead and manage the talent management process within one’s department
- Lead and manage the end-to-end performance management process of employees
- Drive transformation and BBB-EE initiatives, creating a diverse and inclusive environment that supports the business’ organizational values
- Draft and execute training plans in conjunction with the organisational development team
- Collaborate with Change Management and HR to maintain high levels of employee satisfaction and facilitate a positive workplace culture

Drive the organisation culture within one’s centre:
- Drive the department’s values while inspiring confidence and generating excitement, enthusiasm and commitment towards the mission
- Serve as a leader of the culture program driving the desired behaviours and encouraging employee engagement
- Create and implement strategies in collaboration with Change Management and HR to evaluate and maintain employee satisfaction
- Drive Transformation and BBB-EE initiatives to ensure sustainable alignment to the company scorecard

If you would like to email your CV directly – please send it to [email protected]
 
Information displayed above not limited to advertisement.
 
Please consider your application as unsuccessful if you have not received a response within 14 days of submitting your application. However, please keep a lookout on our website, www.bedifferent.co.za, for available positions which you may be suited for.