Head of IT Security
- South Africa
- Sabenza IT
Job DescriptionHead of IT Security IT
JOB DESCRIPTION HEAD OF INFORMATION SECURITY PRIMARY FUNCTION OF ROLE The Head of Information Security drives the design and implementation of the Information Security strategy across the business, including all locations. The role manages the overall Security Posture, Policy Design and Implementation, and Information Security Governance and Compliance for the company. The role will be required to keep abreast of developing security threats, keep ahead of security needs by implementing programs or projects that mitigate risks and provide real-time analysis of immediate threats, and triage when something goes wrong. The role drives internal awareness of information security, assisting employees and senior management in understanding potential security problems in the organisation or external. An additional focus area will be a consulting role to the company clients, in assisting them in the planning of their server infrastructure and security layers. This is a hands-on role requiring direct experience in guiding a business and technology teams in how to ensure the security, integrity, and governance of information assets. The role will report into the Chief Technology Officer. QUALIFICATIONS AND EXPERIENCE REQUIRED o Relevant tertiary qualification o 5+ years 'experience as Information Security Officer, Information Security Manager, Information Security Consultant, or similar role. o 5+ years 'experience across a broad spectrum of Information Security domains, which should include Cyber Security, Security Risk Management, Policy creation and implementation, Compliance and Regulatory Compliance, Data protection, Access Controls, Risk and Incident Management, Secure System Development and Cloud security. o Experience with servers, systems, network security and IAM technologies. o Experience with Cloud Technologies (Azure and AWS specifically) o Knowledge of software development, in particular secure coding practices o Experience with ISO27001 o An Information Security Certification will be an advantage o Experience in Financial Services sector, preferably Insurance will be an advantage. SKILLS REQUIRED o Excellent commercial and communication experience, with the ability to engage with internal and external stakeholders across all levels of a business. o Strong presentation skills, with the ability to influence across senior levels of the business (both internally and externally) o Strong interpersonal and relationship building skills. o Strong negotiation and conflict management skills. o Highly analytical, with strong investigation and problem-solving skills. o Self-motivated, resilient, and adaptable. o High aptitude for learning (a life-long learner). INTERNAL TRAINING REQUIREMENTS o CBT introductory training o Ski-Introductory training Security Initiatives and Architecture o Design and implementation of the Information Security Strategy and roadmap. o Implements, manages, and monitors all Information Security initiatives throughout the business. o Management of the ISMS and serving as Chair for ISMS meetings. o Management of the Information Security Risk Register. Policy and Process o Design and implement baseline security configuration policies, standards, and guidelines. o In collaboration with the development teams, ensure secure development and configuration standards and practices, and monitor adherence. Cyber Security
- Oversight of the perimeter and e-mail security configuration (Firewall, Web Application Firewall, Darktrace, Office 365, etc.)
- Oversight of the endpoint, cloud, web, and server security.
- Design, Implement and enforce Security Policies
- Oversight of the data encryption technologies
- Attend industry conferences
- Identify and mitigate risks
- Manage incidents according to the incident policy
- Liaise with Law Enforcement and External Parties
- Plug holes related to a breach
- Manage the security awareness program
- Prepare and Execute Phishing Tests
- Remain current with security trends and threat intelligence.
- Educating the business, including executive management on all matters pertaining to information security. Oversee the awareness training programmes.