Job Openings Information Security Officer

About the job Information Security Officer

Purpose:

Accountable for delivering on the strategic direction that has been set for protecting the company's tech and data. This includes being a key partner in the design of success factors, solutions and compliance.

Duties and responsibilities:

  • Organize outputs aligned to the Technology risk strategy, internal controls and budget of internal resourcing and partnerships to assure Technology compliance with best practice and regulatory requirements (including but not limited to data protection compliance (e.g., POPI and GDPR), ECT Act, ESG, Cyber laws).
  • Manage and coordinate a Zero data or Technology loss approach, internal controls and budget of internal resourcing and partnerships to manage and optimise the Cyber Risk landscape.
  • Drive a proactive, predictive and continuously improving environment in which Cyber Risks are managed
  • Drive the Information Technology Security Programme across the company landscape to protect its applications and supporting infrastructure from both internal and external threats, targeting zero downtime, zero audit findings and a single view of Technology Risk
  • Implement and continuously enhance an information security management framework
  • Develop and implement Technology Security policies and standards that support and enable business strategy at the strategic planning, tactical and operational business unit levels
  • Form and cascade a communication plan to the Technology team relating to compliance with IT Security Policies, Standards and Guidelines. Escalate non-compliance matters to the CTO
  • Design and manage a roadmap for information security related to internal controls, compliance, regulatory and a proactive risk mitigation plan for the Technology department
  • Design, implement and monitor a comprehensive enterprise information security and IT risk management program in alignment with the Technology Risk strategy.
  • Contribute to project risk management consulting and technical reviews as required.
  • Cascade the Enterprise risk framework into the Technology Risk Framework and functional area responsibilities.
  • Consolidate and review monthly payments to vendors, providing an analysis of the spend
  • Track and monitor the spend vs the forecast and submit the findings for approval
  • Provide input to the departmental budget, reporting on monthly expenditure and craft proposals for funding
  • Create a cost catalogue linked to prescribed vendors and potential new vendors that will form the blueprint for all other departments in the company; amongst other duties

Qualifications and experience:

  • IT-related bachelor's degree or Degree in Computer Science, IT best practice (COBIT, ITIL, etc.)
  • Professional Registration/Membership: Information Security Forums; ISACA; ISC2 (advantageous)
  • Security-related certification (CISSP, CISM, CRISC, CISA, ISO 27001) (advantageous)

7 years' experience in Technology Security or Risk Management roles, which should include:

  • 4 years in Technology Policy writing (measurement of controls against Policy)
  • 4 years' experience in designing, implementing and closing Technology general controls gaps
  • 3 years' experience in directly assessing and communicating Risk Exposures and developing risk mitigation plans
  • 3 years' experience in coordinating large projects or initiatives across multiple areas
  • 4 years' experience in people management, including coaching and mentoring