Information Security Officer

As a member of the IT Team, you will be responsible for establishing and maintaining an information security framework to provide assurance that the supporting security strategies are implemented and aligned with business objectives, IT governance and legislative/regulatory requirements. With this in mind, you will make an impact from day one by:

• Ensuring information security & data management is aligned to POPIA and GDPR compliance requirements
• Own and drive the ISO 27001 certification maintenance and process
• Own, manage and run the Security Awareness Training for the organization
• Review, manage and improve the ISMS system, process and platform
• Define rolling 3-year information security strategy and roadmap, and supporting operations plan and budget estimates to close identified gaps
• Submit proposals and plans initiate information security related projects, conduct rigorous evaluation and selection of appropriate technical solutions, secure required IT spend approval
• Manage application security tools and vendors (Microsoft End Point Manager, Intune, Azure Sentinel, Office 365 Security Centre, AWS WAF’s)
• Manage and improve incident response capability to proactively identify and mitigate against IT security risks or incidents, and recover from disruptive and destructive information security events
• Lead the IT security team responsible for day to day security and operational tasks, logical user access management, access certification review campaigns, including management of resource allocation and duties
• Provide information security input for architecture designs in AWS and Azure
• Manage and coordinate remediation of IT audit findings by implementing supporting IT security controls and processes
• Conduct the information security risk assessment programme, supported by vulnerability assessments and facilitating independent penetration testing
• Function as an internal ITSec consulting resource for other business units on information security
• Manage suppliers, partners and vendors to ensure adherence to security requirement
• Support the Information Officer on data governance related issues

QUALIFICATION

Education

• Relevant IT qualification in Information Systems
• CISSP, CISM, OSCP/CEH Certification (Beneficial)

Experience

• At least 4 – 6 years Information Security experience
• Practical experience with information security concepts, frameworks, methodologies, legislative and regulatory requirements (ISO 27001, NIST, POPIA, GDPR)
• Experience with infrastructure and network architecture technical design, security and management (firewalls, routers, switches, IDS, IPS, cloud computing, mobile device management, virtualization)
• Practical knowledge and understanding of information security tools, network security systems, host diagnostics, vulnerability assessments, penetration testing, threat assessments, report writing and documentation across multiple platforms
• Experience in implementing and configuring security systems, tools and programs e.g. SIEM, vulnerability scanning, coordinating penetration testing, ISMS platforms
• Basic scripting skills (e.g. bash, python, powershell)
• Understanding of threat analysis
• Experienced in Policy writing and reviews
• Experience in Agile/ relevant solution development methodologies will be beneficial
• Experience in Security practices and standards in development like the security development life cycle (e.g. OWASP) will be beneficial

Specific Skills

• Knowledge of ISO27000, COBIT, ITIL, CIS T20 and ISF best practices.
• Knowledge of Information Risk Methodologies (ideally IRAM2), threat modelling and Operational Risk management methodologies
• Knowledge of policies and project management methodologies
• Knowledge of applicable legislation
• Innovative, critical thinking and problem-solving skills
• Ability to quickly assimilate knowledge from outside own area of expertise
• Ability to work both independently and in a team-oriented
• Ability to explain and document what controls are needed and why, and identify pragmatic alternatives to mitigate threats and risks where time and cost constraints so dictate
• Ability to identify security weaknesses and take ownership of tasks
• Good communication and organizational skills with a strong ability to influence, build relationships with, and negotiate with colleagues (both IT technical and non-technical, including project teams, managers, and business stakeholders), suppliers and external partners

Personal Characteristics

• Strong collaboration skills
• Sound personal relationships
• Highly accountable
• Attention to detail
• Strong analytical skills
• Delivery to deadline and quality focused
• Innovative and adaptable to changing business requirements
• Passion for building engaging user experiences

Other Opportunities You Might Like:

• Chief Technology and Information Officer
• Information Governance Officer