About the position
Your:
Formal Education:
- A degree in Computer Science, Information Technology, Cyber security or related field
- Any of the following certifications is advantageous:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - CompTIA Security+
  - Certified Cloud Security Professional (CCSP)
  - Certified Information Systems Auditor (CISA)
Experience:
- Minimum of 6 years’ experience in IT Security Management
- Minimum of 6 years’ experience working with advanced security management applications and tools (including, but not limited to, XDR/EDR tools, firewalls, ZTNA technologies, DLP tools, SIEMs, identity and access management tools, etc.)
Critical Competencies Knowledge:
- Sound understanding of IT governance framework
- Sound knowledge of relevant legislation and security/governance standards
- Knowledge of common IT Infrastructure management frameworks and relevant industry certifications.
- Experience in the financial services industry will be advantageous
- Principles of sound English and Afrikaans
will enable you to:
Security:
- Responsible for the planning, motivation and management of the organisation’s execution of a suitable cyber security operational strategy, taking into account regulatory, legal and business requirements.
- Lead the response to security incidents, including investigation, containment, mitigation, and recovery efforts.
- Manage and ensure the consistent implementation of cyber security operational strategy. Provide regular reporting on the status of the environment to management.
- Ensure a cost-effective and efficient service that meets the organisation’s requirements.
- Provides technical leadership for the IT infrastructure as well as interface with business units.
- Develop and implement adequate and appropriate controls to minimise risk and provide assurance to management and external role players.
- Maintains and controls all the routine areas, including regular vulnerability, penetration testing and disaster recovery plan testing. Ensure accurate recording of results and reports to management.
- Manages key resources and assigns tasks.
- Conduct research and provide recommendations to GCIO to ensure security is maintained or improved.
- Together with the IT Operations Manager, manage service provider/partner with regard to the maintenance of the security environment.
- Maintain a register of all certificates, secrets and security keys. Ensure this register is kept up to date.
- Together with Group Risk Manager:
- Assesses and records risk findings () and recommends appropriate mitigating controls and manages risk remediation efforts.
- Manage and provide relevant information to external parties with regard to cyber security insurance.
- Develop, implement and maintain appropriate company policies relevant to the IT security area.
People and Processes:
- Plan and conduct user awareness training.
- Develop user guidelines and best practice articles. Promote these to users.
- Conduct internal audit processes to ensure compliance with policies and procedures.
Budget and Financial Controls:
- Assist with compiling budgets as required
- Obtain management approval and sign-off before implementation
- Liaise with finance to ensure adherence to financial framework
- Strict monitoring and control of budgets and costs of all service providers, internal functions and support services
- Report back on actual vs budgeted costs
- Regular feedback on financial performance as agreed from time to time
Staff:
- Perform all performance evaluations of subordinates
- Identify needs for recruiting, training & coaching of employees and communicate job expectations and provide input to GCIO
- Implement agreed personal development plans and ensure regular training and skills development takes place.
Desired Skills: