Job Description

Overview

The Head of Information & Cyber Security is responsible for defining and enforcing robust information security policies and frameworks to protect the organization's digital assets from potential threats. This executive role requires a strategic mindset to develop long-term security strategies, ensure compliance with data protection laws, and manage IT security risks. The Head of Information & Cyber Security will lead the security operations, governance, compliance, and team management to safeguard the integrity, confidentiality, and availability of the organization's information systems. The role works closely with other IT leadership roles including the Head of IT Governance, Risk and Compliance as well as Head of Service Operations.

Qualifications

Bachelor's degree in Information Security, Computer Science, or related field. Professional certifications such as CISSP, CISM, or similar are highly preferred.

Experience

At least 10 years of experience in information security or related fields, with a minimum of 5 years in a senior leadership role. Demonstrated experience in managing information security in a complex organizational environment. Proven track record of developing and implementing security policies and systems that have successfully protected an organization.

Duties

Security Architecture Development: Architect and implement security solutions that ensure the organization's IT policies, data protection strategies, and privacy regulations are robust and effective. Governance and Compliance: Oversee information security governance and compliance, including adherence to standards such as ISO27001, the South African Protection of Personal Information Act (POPIA), and global data protection regulations such as the European GDPR. Manage business and IT service continuity planning to ensure organizational resilience. Global Regulatory Understanding: The Head of Information and Cyber Security will need a comprehensive understanding of global cybersecurity regulations beyond just GDPR and POPIA. This includes familiarity with regulations in key markets where the organization operates, such as CCPA (California), PIPEDA (Canada), or the requirements in Asian and Middle Eastern markets. Global Security Strategy: Tailoring the security strategy to accommodate different regulatory environments and cultural contexts, ensuring that policies are universally applicable and locally adaptable. Security Operations: Direct penetration testing and other vulnerability assessments by coordinating with external experts to enhance the organization's defences. Strategic Security Planning: Develop and maintain a comprehensive security strategy that aligns with organizational objectives and adapts to evolving security threats. Data Loss Prevention: Implement advanced measures to prevent the unauthorized access, use, or loss of information while ensuring compliance with data protection regulations. Access Management: Control access to critical systems and information through effective management of permissions and authentication, ensuring compliance with privacy regulations. Incident Management and Prevention: Lead the response to security breaches and work proactively to prevent future incidents while ensuring compliance with data protection and privacy regulations. Risk Assessment: Conduct thorough risk evaluations and apply necessary mitigation strategies, considering both security and privacy risks. Security Awareness and Training: Develop and deliver security training and awareness programs to ensure all employees are informed of their role in maintaining security and compliance with data protection regulations. Policy and Standards Development: Establish and integrate security policies and standards across the organization, ensuring alignment with data protection and privacy regulations.

Job Competencies

Skills

Strategic Leadership: Demonstrated ability to envision, direct, and sustain a security strategy that supports and enhances business objectives. Communication Skills: Exceptional ability to articulate complex security concepts and risks to a variety of stakeholders, from technical teams to executive boards, across diverse cultural backgrounds. Problem Solving: Strong analytical and decision-making skills with the capability to navigate complex, high-pressure situations. Influencing and Negotiation: Ability to effectively influence internal and external stakeholders and negotiate security-related contracts and agreements. Cross-Cultural Leadership: Skill in leading and inspiring a diverse, international team, fostering an environment of collaboration and innovation. Remote Team Management: Proficiency in managing distributed teams, ensuring high productivity and cohesion despite geographical and time zone differences.

Knowledge

Regulatory Compliance: Deep understanding of global information security and privacy laws, such as GDPR, POPIA, CCPA, and others relevant to the organization's operations worldwide. Cybersecurity Practices: Expert knowledge in the latest cybersecurity technologies and methodologies, including but not limited to, network security, threat intelligence, risk management, and incident response. Global Security Landscape: Awareness of international cybersecurity threats, trends, and the evolving landscape of cyber warfare and crime. Business Continuity and Disaster Recovery: Comprehensive knowledge in developing and implementing business continuity plans and disaster recovery strategies, especially in a multinational context. Technical Proficiency: Understanding of complex IT systems, cloud technologies, and other modern infrastructure components that may be deployed across different regions. Educational and Professional Standards: Familiarity with the qualifications and certifications that are highly regarded in the field, such as CISSP, CISM, CISA, and similar credentials.

General