Job Description

JOB DESCRIPTION:

Job Title:IT Information & Cybersecurity Manager
Employment Type:Permanent, On-site
Work Location:Johannesburg

JOB SCOPE & RESPONSIBILITIES

• Develop, and drive the implementation of the companys cyber security plans in consultation with key stakeholders.
• Oversee and participate in proactive investigations and analyses into potential technology security threats and deliver an IT cyber and security architecture to support current and future business products, and processes.
• Lead and monitor information security health-check assessments and testing of the companys security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Be able to advise the business and scope assessments/penetration tests to ensure the protection of data.
• Stay up-to-date on the latest intelligence, including hackers' methodologies, to anticipate security breaches; anticipate new security threats and stay- up-to-date with evolving tools, architectures, and infrastructures.
• Recommend and manage the implementation of security measures to protect computer systems, networks, and data
• Be able to perform threat modelling, threat-based assessments (Red and Blue), control effectiveness and KPIS on threat exposures.
• Manage and respond to engaged resources for immediate response and recovery of an application or service.
• Assemble and analyse risk scenarios to estimate the likelihood and impact of significant events on the organisation.
• Oversee and provide guidance on the implementation of large governance, security and business continuity projects and deployment efforts.
• Facilitate the design, development, implementation and maintenance of high caliber governance and risk management solutions according to standards and best technologies that meets the current and future business needs.
• Ensure security projects are approved, implemented, and meets appropriate security standards.
• Oversee the installation and updating of software and ensure database back-ups are executed in line with regulatory requirements.
• Oversee all security system maintenance by providing system validation procedures, maintenance reports, deactivation plans, and other documents, plans and report; continuously analysing the systems to determine when deactivation or replacement is required.
• Check the conformance of the delivered platforms to standards and architectural decisions and resolve governance, risk, and security architectural conflicts.
• Lead the team in identifying treatments for control gaps and remedial actions related to cyber security incidents ensuring the adoption or development of relevant security services.
• Provide guidance and timely recovery following the occurrence of an outage or major disasters, such as fires, earthquakes, floods, biochemical attacks, pandemics, electrical disruptions, and network disruptions which result in the partial or complete disruption of business operations support.
• Manage the development, maintenance and availability of governance standards and processes for the IT Information & Cybersecurity function and align and embed practices with new legislative compliance, regulation requirements and security protocols.
• Facilitate IT audits in own area of responsibility to ensure correct governance over the use of technology and the protection and control of information to meet audit requirements.
• Shared accountability for developing and managing the budget and expense management for the portfolio.
• Relationship agreements with key suppliers, business partners and sponsors are built, negotiated, and managed to achieve the business objectives and leverage new opportunities and joint initiatives.
• Provide inspirational leadership and change management interventions to enhance engagement and motivational culture across the business.
• Provide oversight of and manage any outsource service provider in the context of information and cyber.
• Ensure the IT functional heads adhere to security practices.
• Provide reporting and dashboards on state of security across the group.

QUALIFICATION AND EXPERIENCE

Qualification:

• BTech or relevant equivalent.
• Security Certification (CISM and CISSP).

Experience:

• Minimum of 10 years experience in the IT information security environment, including 3 years in a management position.
• Extensive experience in the implementation of Cyber security technologies.
• Experience in cyber threat monitoring and response, threat remediation and threat intelligence.

Work conditions and special requirements

• Travel to all units required on a regular basis.
• Will be required to work outside of normal working hours, in line with operational requirements (including weekends, public holidays).

COMPETENCIES

Technical proficiency:

• Business & Financial Acumen.
• SDLC Testing methodologies and practices.
• IT Information / data risk & cyber threats management
• In-depth knowledge of the cyber technologies preferably McAfee suite.
• Security Architecture.
• Risk Management.
• Disaster recovery, BCM, back-up testing.
• Security and BCM standards, frameworks, and methodologies (ISO23001), NIST Cyber Security Framework, CIS, ITIL, Cobit.
• Contract management.
• Knowledge and application of IT security legislation (Promotion of Access to Information Act, CPA, King IV, Protection of Personal Information Bill, Regulation of Interception of Communications & Provision of Communication-related information Act; Gaming Regulations).

Know-how:

• Requires a professional with specialised theoretical knowledge and processes relating to Information Security and Cybersecurity practices, processes, and regulations.
• Short term planning within 12 - 18 months involves conducting the planning and integration of technology components to meet and optimise new business requirements.
• Organise, plan, and prioritise tasks for self and team to ensure that work gets done efficiently.
• Effective scheduling to ensure that team is adequately resourced to achieve targets/meet job requirements.
• Interact with stakeholders and team - influencing, motivating, and encouraging specific behaviour.

Problem-solving:

• Apply business acumen and sound common sense to the management of IT cybersecurity requirements.
• Makes use of analytical and conceptual skills to adopt and adapt IT cybersecurity plans to meet potential opportunities, risks, and challenges.
• Analyse and diagnose operational challenges and manage plans to protect and optimise technology to support business requirements.
• Deal with diverse problems across multiple business touchpoints, using judgment and discretion to resolve them, in line with set policies and standards.

Accountability:

• Research, benchmark and provide information and recommendations to protect the business.
• Solutions should be cost efficient and effective in delivering IT cybersecurity that reduces risk to the business and supports the achievement of business results.
• Delivers technology results across multiple business touchpoints working and managing various project teams to achieve success.

PACKAGE & REMUNERATION

• Negotiable depending on Qualifications and Experience.

Careers24