Accountable for creating Information & Security and Compliance policies and assuring these are being met, both infrastructure and application based, supported by the Director. Linked to the Internal Audit and Compliance & Risk function. Independent from the delivery of services, covering all aspects of IT security: applications, infrastructure, legal and regulatory requirements.
Conducts the information security risk assessment program. Reviews compliance with the information security policy and associated procedures.
• Analyses and reports various risk management data, including key risk indicators, identifies trends, provides process oversight, executes supporting tasks, and assures quality and integrity of risk assessments.
• Develops IS security policy for new applications and services.
• Supports IT Operations & Applications Manager with matters pertaining to project initiations and cancellations.
• Maintains a budget and forecast for the IS team and the security monitoring environment and reports on performance against SLAs and budget.
• Maintains awareness of data protection legislation (if applicable) and ensures that security measures adequately protect staff, client and supplier information.
• Actively supports the Senior Director of IT in discussions with the business over security risks and requirements. This will involve advising on the risk and investment implications of changes to service levels.
• Maintains adequate security protection at all points of internal and external threat to the integrity of the Group’s systems and data.
• Monitors and oversees all infrastructure, data and network security. Maintains ‘real time’ reporting to the Service Desk and where required to the Service Managers.
• Manages the information security functions in accordance with established IT policies and guidelines.
• Manages and co-ordinates actions with relevant IT personnel to address breaches in security.
• Manages overall Information Security matters pertaining to data retention, loss prevention, access to information, and threats and vulnerability.
• Conducts security training and awareness.
• Participates in external Information Security forums to incorporate current best practice.
• Provides periodic reporting on information security issues to the Senior IT Director.
• Conducts security orientation and security awareness programs with end business users.
• Establishes and maintains logical security to segregate development, test and production environments to ensure adequate protection from unauthorised or accidental access or damage.
• Maintains security management design in line with IS Strategy and business unit needs.
• Maintains records of security-related change requests.
• Provides impact analysis of security-related change requests.
• Implements security-related change requests.
• Develops and motivates a team with sufficient skills to enable overall logical and physical IS security requirements to be achieved across the current and planned IT architecture.
Bachelor’s Degree in Computer Science or related discipline.
• RCSA, CIA, CISSP, PMP, CISM, ITIL certifications are highly desirable.
• 5-6 years in Risk Management.
• Experience of creating detailed IS security policies and standards.
• Ability to assess risk and conduct IT Risk Assessments.
• Excellent communication skills – written and verbal – to deal with top IT and Business management when developing the cost case for investment in infrastructure or business projects and providing feedback on incidents and their resolution.
• Track record of managing IS security of a similar nature in a regulated industry and achieving high levels of performance and customer satisfaction.
• Significant technical and conceptual knowledge and experience of security across a wide range of infrastructures and application systems.
Interested and qualified persons should forward their CV to: email@example.com