Cyber Security Officer

Johannesburg, Gauteng, South Africa

Job Description

We Go Places! How about you?
Immediate Superior: Krushen Pillay
Location: Sandton
Function: Digital & Technology
Sub Function: Digital & Technology - Operations
Type of Contract: Permanent
Reference Number: 142265
Closing Date: 25/09/2025
Responsible for management and implementation of the global cyber security strategy based on the applicable cyber security framework, to reduce the risk of a cyber security incident according to the risk appetite of HEINEKEN and the OpCo; raises wider OpCo cyber security awareness. General management and oversight of all D&T security, governance, risk and compliance.
Roles and responsibilities:
Security Operations

  • Advising, communicating and ensuring implementation of the global security standards & procedures by the local OpCo business and D&T teams
  • Managing updates related to OpCo Security Standards that are required due to local legislative requirements, in consultation with the relevant regional Security & Risk Lead (S&RL) in line with HEINEKEN Security Strategy and supporting the HEINEKEN Business Strategy
  • Being responsible for local security approvals regarding global services (e.g. HeiNet), in order to maintain the highest level of security for the information and IT assets of the company
  • Assisting the global operational security team in the design of controls/standards and procedures that have broad implications, requiring systems integration of one or more technical platforms
  • Performing risk reviews using the risk management procedure for all new local programs/services to be deployed in the OpCo operational environment and vetoing programs which do not comply with HEINEKEN's security standards
  • Continuously assessing compliance of the OpCo versus the Information Security Standard (ISS) by testing the ISS controls as detailed in the Information Security Procedure (ISP)
  • Reporting compliance vs. the ISS & ISP on a continuous basis upon request from the S&RL team and on a yearly basis during the annual IRSA (Information Risk Self-Assessment)
  • Monitoring and ensuring the timely closure of tasks related to audit and internal control issues raised by e.g. Global Audit, Information Security & Risk Managers, etc.
  • Delivering to the Global S&RL team, Security Improvement plans (updated 3 x annually) for the OpCo and region with the gaps identified in the IRSA and HeiRules processes aligned with issues and tasks identified through audits performed by the Global audit team or external auditor; developing and managing the Information Security action plan to address identified risks and non-compliances; gaining approval from the relevant management team on that action plan and its related budget
  • Monitoring and reporting on the execution of that action plan, reporting locally to the local management team and centrally to the Regional S&RL Team
  • Analysing and challenging derogation requests regarding the ISS/ISP that OpCo could have with a new solution or program, and communicating same to the global security operations and risk management teams for approval in order to protect the HEINEKEN security environment.
  • Being an IT Security Advisor for HEINEKEN OpCo in their remit for any IT security breach or new initiative
  • Performing/guiding/driving digital investigations upon the request of Local OpCo/HR or Legal teams in case of breaches of HEINEKEN's Code of Business Conduct
  • Dealing with any critical IT security incidents or breakout, being responsible as the local security incident lead to resolve with the OpCo IT Managers in consultation with the Global Security Officer, IT Regional Directors and Service Line Managers
  • Identifying and performing independent analysis to resolve complex first-time issues including the analysis of technical and economic feasibility of proposed security systems/solutions; being responsible to assist the global security operations team for any IT technical audit (e.g. Ethical Hack) to any OpCo IT infrastructure or service that a 3rd Party offers to HEINEKEN with a valid and open contract to ensure that security policies are in place
  • Advising OpCo operations teams for security requirements (e.g. Patching, Anti-Virus, Upgrading, firewalls, VRFs, etc.)
  • Providing knowledge and expertise on IT Operational Security matters for local Service Line Managers
  • Analysing and recommending improvements on security related monitoring and auditing activities.
  • Management of security-related D&T calls and setup and relevant SLAs
  • Managing the implementation of relevant programmes and projects.
Security Awareness
  • Managing/developing/improving and assisting in the annual deployment of the Security Awareness Program within the OpCo
  • Defining, designing and deploying ongoing educational assets to improve security across OpCo.
Security Strategy
  • Being responsible for identifying potential risks and recommendations on how to prevent and/or avoid that risk for inclusion in global operational security strategy.
  • Collaborating with the regional S&RL to understand and develop further the controls and processes required to improve information security.
Innovation
  • Accelerating and driving implementation of new Security strategies and standards from D&T towards OpCo
  • Researching/participating in peer security forums (3rd parties and peer companies) to identify opportunities to benchmark and continuously improve local implementation of standards and best practices from across IT or from the marketplace.
  • Providing security expertise across multiple technical platforms to various OpCo stakeholders in all phases of solutions development (Ideation, Design, build, test and deploy) and Operations.
Software License Management
  • Maintaining up to date evidence of possessed software licenses
  • Owning and conducting Software Risk and Security assessment process and relevant software license purchase process within OpCo
Business Continuity Planning & Disaster Recovery
  • Advise on and annually review functional BCP plans.
  • Advise on and review D&T DR plans and oversee the annual actual and/or walkthrough exercise of plans.
  • Interrogate and review DR and BCP plans for all D&T programmes.
D&T policies and procedures
  • Manage annual review process.
  • Audit D&T policies, procedures and standards.
Education and Skills:
  • Bachelor's or master's degree in business information technology or a related field.
  • 5+ years of working in the cyber security field and previous experience working as a cyber security officer or manager
  • Experience in handling security incidents
  • Proven ability to dynamically assess risks, threats & threat actors
  • Possess a working knowledge of network communications and routing protocols (TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards
  • Strong communication and organizational skills
  • Ability to explain complex technical processes to business stakeholders
  • Excellent management and leadership skills
  • The following certificates are beneficial to have, e.g. CISSP / CCSP / CISM / CISA / CRISC
The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply. Heineken Beverages (South Africa) (Pty) Ltd is committed to an organisational culture that recognises, appreciates and values inclusion and diversity. You must be fully eligible to live and work in South Africa to apply.

Job Detail

  • Job Id
    JD1517339
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Johannesburg, Gauteng, South Africa
  • Education
    Not mentioned