Manager: IT Security Operations Center - Gauteng
Industry: Other / Job Expires: 2018-03-29 21:26:18 / Location: Gauteng
Job Description
- Establish and maintain the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected.
- Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
- Ensure that processes and procedures are performed in compliance with the organization’s information security policies and standards.
- Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
- Ensure that information security is an integral part of the systems development processes and acquisition processes.
- Ensure that information security is maintained throughout the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities.
- Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization.
- Provide information security awareness, training and education (e.g., business process owners, users, information technology) to stakeholders.
- Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
- Ensure that noncompliance issues and other variances are resolved in a timely manner.
MINIMUM EDUCATION & EXPERIENCE
- Bachelor’s Degree
- Professional CISSP
- CISM Certification
- 10 Years in an Information Security/Information Technology Role with at least 5 years of Information Security program management
CRITICAL COMPETENCIES
- Understanding of Information Security Principles, Technology and Programme rollout
- Understand the nature of threats and risks to the organisation’s information
- Appreciation of information security legislation and its application within the organisation
- Understand organisational policy and its relationship to the organisation’s information assets
- Understand the processing of information assets
ADDITIONAL COMPETENCIES
- Leadership, Efficient Communication, Innovation
- Excellent analytical and problem-solving abilities to identify and fix security risks.
- Ability to communicate at all levels within an organisation to promote the need for information security
KEY RESULT AREAS
Security Governance
- Develop an information security strategy aligned with business goals and objectives.
- Align information security strategy with corporate governance.
- Develop a business case justifying investment in information security.
- Identify current and potential legal and regulatory requirements affecting information security.
- Identify drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
- Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
Security Program Leadership
- Provide leadership philosophy for the Information Security Team (or designated/assigned employees responsible for Information Security in their respective IT silos) to create a strong bridge between business units, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for African Bank
- Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
Policy Compliance and Audit
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information and technology systems (no specific audit function).
- Monitor internal and external policy compliance.
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SSIRT) as needed, or requested, in addressing and investigating security incidents.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Establish processes to review implementation of new technologies to ensure security compliance.
- Coordinate and communicate the results of Penetration Testing and Vulnerability Assessments against the African Bank perimeter and internal networks
- Design and develop a program for information security awareness, training and education, and advise operating units at all levels on security issues, best practices, and vulnerabilities
Collaboration
- Represent the company on the relevant industry-related security groups and initiatives (e.g., SABRIC CSIRT Workgroups)
Submissions Closing Date 22/12/2017