Accountable for creating Information & Security and Compliance policies and assuring these are being met – infrastructure and application based. Linked to the Internal Audit and Compliance & Risk function. Independent from the delivery of services - all aspects of IT security – applications, infrastructure, legal and regulatory requirements
• Manages and enhances the Group’s security, risk and governance strategy in a manner that supports the business priorities.
• Contributes to the development of the Group’s IT plan through driving the implementation of the overall Information Security, Risk & Governance strategy.
• Identifies and monitors relevant department KPIs, sets targets, monitors performance against plan and initiates remedial actions in case of discrepancy between actual and expected performance.
• Develops, updates and monitors compliance with relevant sections of the IT policies and procedures manual as well as compliance with the relevant department Delegation of Authority Matrix.
• Liaises with the Senior IT Director and other internal stakeholders to develop and implement the company’s overall IT strategy and plan.
• Conducts the information security risk assessment program. Reviews compliance with the information security policy and associated procedures.
• Analyses and reports various risk management data, including key risk indicators, identifies trends, provides process oversight, executes supporting tasks, and assures quality and integrity of risk assessments.
• Develops IS security policy for new applications and services.
• Supports IT Operations & Applications Manager with matters pertaining to project initiations and cancellations.
• Maintains a budget and forecast for the IS team and the security monitoring environment and reports on performance against SLAs and budget.
• Maintains awareness of data protection legislation (if applicable) and ensures that security measures adequately protect staff, client and supplier information.
• Actively supports the Senior Director of IT in discussions with the business over security risks and requirements. This will involve advising on the risk and investment implications of changes to service levels.
• Maintains adequate security protection at all points of internal and external threat to the integrity of Group’s systems and data.
• Monitors and oversees all infrastructure, data and network security. Maintains ‘real time’ reporting to the Service Desk and where required to the Service Managers.
• Manages the information security functions in accordance with established IT policies and guidelines.
• Manages and co-ordinates actions with relevant IT personnel to address breaches in security.
• Manages overall Information Security matters pertaining to data retention, loss prevention, access to information, and threats and vulnerability.
• Conducts security training and awareness.
• Participates in external Information Security forums to incorporate current best practice.
• Provides periodic reporting on information security issues to the Senior IT Director.
• Conducts security orientation and security awareness programs with end business users.
• Establishes and maintains logical security to segregate development, test and production environments to ensure adequate protection from unauthorised or accidental access or damage.
• Maintains security management design in line with IS Strategy and business unit needs.
• Maintains records of security-related change requests.
• Provides impact analysis of security-related change requests.
• Implements security-related change requests.
• Develops and motivates team with sufficient skills to enable overall logical and physical IS security requirements to be achieved across the current and planned IT architecture.
COMMUNICATIONS & WORKING RELATIONSHIPS
• Regular communication with relevant functions to address security, risk and compliance related issues
• Suppliers & External Users – reporting on security requirements for services supplied to or by vendors and specification of security requirements
Bachelor’s Degree in Computer Science or related discipline.
• CISSP, PMP, CISM, ITIL certifications are highly desirable
• 5-6 years in IT Security.
• Experience of creating detailed IS security policies and standards
• Ability to assess risk and conduct IT Risk Assessments
• Excellent communication skills – written and verbal – to deal with top IT and Business management when developing cost case for investment in infrastructure or business projects and providing feedback on incidents and their resolution.
• Track record of managing IS security of a similar nature in a regulated industry and achieving high levels of performance and customer satisfaction
• Significant technical and conceptual knowledge and experience of security across a wide range of infrastructures and application systems.
Send CV to: firstname.lastname@example.org