Anova is an NGO that empowers people and changes lives. Good health and quality of life is what motivates us to provide healthcare solutions and support for those who need it most.
The Information Security Officer (ISO) develops programs and frameworks in line with the ICT strategy to protect Anova's computer network and data from various forms of security breaches.
To oversee information governance and security to ensure that appropriate controls are in place, data is secure and processed safely.
As the center of competence for information security, the ISO provides advice and acts as the focal point for security compliance-related activities and responsibilities.
Key duties and responsibilities:
*Information security and governance*
Identify vulnerabilities in the network in order to develop, implement and monitor a strategic, comprehensive enterprise information security, risk, and governance program to ensure that information assets are adequately protected.
Develop and enhance information security management framework/s aligned to the comprehensive program and ICT strategy.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Provide input into ICT planning by providing current knowledge and future vision of security and governance related to technology and systems to ensure adequate and appropriate consideration during planning.
*Data protection*
Create and institute measures to safeguard sensitive information and data within the computer network from various forms of security breaches by continuously researching, developing, implementing, testing and reviewing information security in order to protect information and prevent unauthorized access.
Identify, assess, and accurately report security risks to partner with business stakeholders across the company to raise awareness of risk management concerns.
Work closely with business units to facilitate risk assessment and risk management processes and inform users about security measures, potential threats, and mitigation measures to keep users up to date.
Act as the centre of competence for the enterprise's information security organization by educating colleagues about security software and best practices for information security.
*Network security*
Monitor networks to ensure local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines, and standards.
Install software, implement security measures, monitor networks and document any security breaches.
Assess damage related to security breaches to ensure corrective action can be implemented so that continued security and governance standards can be maintained.
Keep abreast of rapidly changing needs around security threats to mitigate security breaches and cyber-attacks to ensure any suitable updates are recommended.
Minimum qualifications and experience:
BSc/BA in Computer Science or Information Security or BCom Informatics.
A certification in information security such as a CISA certification.
Information Security Risk and Security governance certification or course such as CISSP, CISM or related certification.
At least 3 to 5 years previous information security and governance related work experience.
Monitoring of firewalls and network tools
POPI compliance knowledge regarding information security
Preferred qualification and experience:
Honours Degree would be an advantage
Experience working with Mimecast
Working exposure to Cyber Security
Skills, competencies, and attributes:
Excellent knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Excellent knowledge of best practices to prevent a wide range of security threats.
Experience with MS Windows and Microsoft product suite
In accordance with our Employment Equity goals and plan, preference will be given to suitable applicants from designated groups as defined in the Employment Equity Act 55 of 1998 and subsequent amendments thereto.
Anova Health Institute is a provider of essential health services and therefore has a mandatory vaccination policy. Should your application be successful, you will be required to submit your proof of vaccination before commencing employment in the role.
Applicants who have not been contacted within 4 weeks of submitting their application should assume that they have not been successful.
Agencies that submit unsolicited CVs will not be paid agency fees should their candidate be placed at Anova.