Description

Role Description:
• Define, develop and integrate the strategic plan for information technology security and information assurance, including security architecture.
• Consult with chiefs and executives on the implication of any strategic and tactical information security risks in order to ensure effective information security and to minimize risk.
• Establish and update the information technology security policy which includes information assurance and information compliance as well as the code of ethics incorporating all new legislation and industry standards.
• Design information technology security monitoring documentation, response plans, as well as the documentation content.
• Develop and implement the Information Technology Compliance control framework.
• Design and maintain the Information Technology Compliance policy and procedures.
• Formulate audit strategy to measure the company's Information Compliance status.
• Identify protection goals, objectives and metrics consistent with the corporate strategic plan.
• Define and execute the planning and implementation of all tools / hardware and software for information technology security.
• Remain up to date and ensure compliance with all legislative requirements in respect of information security and compliance, ensuring company alignment:
  o Maintain, implement structures and plans and assist with the governance of RICA and POPI Information Compliance (both local and international compliance).
  o Maintain systems and processes to ensure compliance with PASA and PCI DSS (electronic payments) within the organisation.
  o Liaise with legislative authorities and governing bodies.
  o Keep abreast of any legislative changes at all times, and update, amend / implement policies and procedures accordingly.
• Detect and mitigate risk timeously.
• Communicate the risk of non-Information Compliance and conduct high level presentations to create awareness and to inform the business of legislative requirements.
• Schedule audit projects with the scope of overall company risk mitigation to ensure information security compliance and liaise and coordinate with Internal Audit in this regard.
• Monitor all controls in order to provide regulatory risk assurance.
• Facilitate the translation of the Information Security and Compliance strategy into functional business plans on an annual basis to the company
• Report on all non-Information Compliance and risk issues.
• Investigate and identify Information Compliance risks and control management initiatives.
• Liaise with external legal authorities, vendors, auditors and other relevant Information Compliance entities.
• Respond to incidents and establish appropriate standards and controls, manage security technologies and direct the establishment and implementation of policies and procedures.
• Liaise with business to develop and implement cyber incident response plans.
• Manage identity and access management within the organisation
• Collate and prepare Information Compliance reports.
• Compile risk impact analysis and reports.
• Prepare and / or present Information Compliance reports for the Risk committee and / or board members, nationally and internationally.

Post graduate degree
Hons Degree in technology or equivalent degree i.e. BSc / B. Tech
Master's degree in an information systems related discipline
ISSA (Information Systems Security Association) membership is preferred.
CISA or CISM certifications through internationally accredited organisations are beneficial.

Experience
10 years driving the Information Technology Security and / or Compliance function in a dynamic, high growth corporate, ideally in the telecommunications industry.
In addition 3-6 years' experience on a senior level as information security officer within a large corporate environment.
Progressive leadership experience in computing and information security, including experience with internet technology and security issues.
Proven track record for developing and implementing successful policies and assurance capabilities within a telecoms industry environment.
Sound knowledge of regulatory Information Compliance (e.g. South Africa POPI Act).
Experience in auditing, risk management and legal contracts.
Experience at executive level within a large company.

Profile
See Job Description