Reference : 5943 CDSJob
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that business, clients and staff information assets are adequately protected.
Work directly with the business units to facilitate risk assessment and risk management processes.
Develop and enhance an information security management framework.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Provide information security leadership to the business and Technology By Design team.
Partner with business stakeholders across the company to raise awareness of information risk management concerns and trends.
Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems based on cyber trends and information
Educate staff, partners and clients about computer / mobile security and promote security awareness and security best practice protocols.
IT security systems administration: Act as system administrator for a variety of security-related systems, including but not limited to intrusion detection and prevention devices, connection loggers, vulnerability scanners, and network monitoring devices.
Ensure security is embedded in IT Systems and Network Infrastructure (Mobile, IS and Enterprise) across organization.
Ensuring compliance and adherence to governing laws: POPIA and GDPR.
Ensuring that technologies, processes, and policies are aligned to industry best practices and ISO 27001.
Assist business units with information security risk assessments and external partner alignment to information security best practices.
Choose, implement, monitor and upgrade computer anti-virus and malware protection systems.
Upgrade systems regularly to remain competitive in the field of security.
Communicate the system status and keep users informed of downtime or changes and improvements to the systems.
Create and maintain appropriate documentation and processes.
Finding the best way to secure the IT infrastructure of an organization.
Identifying vulnerabilities in our current network.
Developing and implementing a comprehensive plan to secure our computing network.
Monitoring network usage to ensure compliance with security policies.
Keeping up to date with developments in IT security standards and threats.
Performing penetration, DR and backup tests to find any flaws.
Collaborating with management and the rest of Technology By Design team to improve security.
Documenting any security breaches and assessing their damage.
Educating colleagues about security software and best practices for information security.
Identify and develop areas where information security policies and procedures require creation or update; confer with management, developers, auditors, facilities and other business unit personnel to identify and security for data, software applications, hardware, telecommunications, and computer installations.
Plan, design and audit policies and procedures which safeguard the integrity of and access to systems and electronic information to guard information against accidental or unauthorized modification, destruction or disclosure.
Provide risk assessment and security briefings related to security issues; manage IT security awareness programs and activities, and advise resource owners on formation of appropriate security policies.
Provide education, awareness and training to community members.
Provide overall security program strategic direction to improve the information security posture and assurance level of the organization.
Assist in establishing clearly defined and documented scope, objectives, approach, plans and resource requirements.
Lead other staff members in the program design and to effect initiatives, programs or projects to meet those management and business objectives.
Make recommendations for improving controls and practices to reduce risks related to information security.
Assist with development and maintenance of Service Level Agreements and Operating Level Agreements.
Other duties as assigned.
Qualifications:
Information technology degree in the field of computer science or information security
3+ years Information security-related work experience
Knowledge of common information security management frameworks, such as ISO / IEC 27001 and NIST.
Knowledge of patch management, firewalls and intrusion detection / prevention systems (e.g. SCCM)
Knowledge and experience of Information Security Risk and Security governance
CCNA, CISSP, CISM or related certification is advantageous.
Knowledge of working with Information security tools (e.g. Firewalls, Antivirus, Network monitoring tools)
Experience dealing with Information Security Audits
Experience working with stakeholders
Strong process methods
Provide Cyber Security Guidance across functions and regions.
Drive remediation activities across the organisation's offices
Extensive experience in Information Technology, with a background in Security and Compliance
Professional information security certification.
Solid knowledge of various information security frameworks.
Excellent problem-solving and analytical skills.
Ability to educate a non-technical audience about various security measures.
Effective verbal and written communication skills.