The mandatory requirements for this position are :
Fifteen plus ( 15 + ) years of relevant c hief i nformation s ecurity o fficer e xperience;
Relevant qualification; and
Knowledge or experience in all , with expert knowledge in at least two , of the following areas :
Security architecture ;
B usiness continuity management ;
Information management; and
IT investigations and digital forensics .
Responsibilities a nd Job Function
The successful candidate will be required to :
Act as the centre of excellence for information security in the organisation;
Research latest trends in information security and information security approaches;
Incorporate any enhancements uncovered via research in the information security strategies and frameworks;
Establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected;
I dentify , d evelop and maintain p olicies and processes across the enterprise to reduce information andâ€ information technology risks ;
Design , d evelop and maintain information technology frameworks and strategies;
E stablish appropriate standards and controls ;
Propose security technologies ; and
Be overall r esponsible for information-related compliance .
Knowledge a nd Skills
The general skills required for this position are :
Expert ability to articulate the return on investment for any security solutions ;
Expert experience with the i ncident r esponse s tandard;
Superior knowledge of b udget and fiscal managemen t; and
Ability to work independently in a fast-paced, quickly changing and sometimes unstructured environment .
The technical skills required for this position are :
Expert knowledge of information assets and technologies;
Expert knowledge of cybersecurity, security architecture , d atabase , application and i nformation security governance and management;
Expert knowledge of disaster recovery ;
Expert knowledge of identity and access management ;
Expert knowledge of information privacy , regulatory compliance , and risk management ;
Expert knowledge of information technology controls â€ for financial and other systems ;
Expert knowledge of i nformation technology investigations and digital forensics ;
Expert e xperience with crafting security policies;
Expert a wareness of potential point s of failure in i nformation t echnology systems;
Expert competencies such as governance, system controls, auditing, compliance and operations management, strategic planning, and finance and risk management ; and
Expert n etwork security and firewall management skills .
The qualifications and experience related to this position are :
Appropriate and recognised formal chief information security officer related tertiary qualification, preferably a master s degree, or equivale nt thereof, in information technology or related field .
Third party certifications such as the CCISO (certified chief information security officer) by the EC-Council, CISSP (certified information systems security professional) by ISC², and the CISM (certified information security manager) by ISACA are advantageous ; and
Experience of f ifteen plus (15 + ) years within a c hief i nformation s ecurity o fficer role .