Job Description


Key Responsibilities:

Strategic Leadership and Governance

  • Develop and implement a comprehensive information security strategy that aligns with business goals and risk appetite.
  • Lead the creation and execution of policies, processes, and standards to ensure the highest level of cybersecurity across the organization.
  • Serve as the primary advisor on all cybersecurity matters to the executive team, board of directors, and key stakeholders.
  • Ensure that information security strategies comply with regulatory requirements (e.g., GDPR, POPI, etc.) and are consistent with best practices.
  • Report on the status of information security risks, threats, and controls to senior management and board members.
Risk Management and Incident Response
  • Oversee the identification, assessment, and management of cybersecurity risks, including internal and external threats, vulnerabilities, and third-party risks.
  • Lead the development and implementation of an incident response plan, ensuring that security incidents are promptly detected, analyzed, mitigated, and reported.
  • Drive a culture of continuous improvement by ensuring proactive identification and mitigation of emerging cybersecurity threats.
Cybersecurity Operations & Threat Intelligence
  • Manage a security operations team responsible for day-to-day monitoring, detection, and response to security threats.
  • Utilize advanced threat intelligence tools to detect and neutralize threats across the organization's systems and networks.
  • Collaborate with other teams to identify and address vulnerabilities through regular penetration testing, audits, and threat assessments.
Team Development and Leadership
  • Build and mentor a high-performing team of cybersecurity professionals, providing guidance and career development opportunities.
  • Foster a culture of security awareness and ensure that employees at all levels understand their role in safeguarding information and digital assets.
  • Collaborate with internal teams, including IT, legal, compliance, and business units, to ensure effective cybersecurity implementation.
Vendor and Third-Party Security
  • Oversee the evaluation, selection, and management of third-party vendors and service providers to ensure their cybersecurity practices meet the organization's standards.
  • Conduct regular risk assessments of third-party relationships and ensure that appropriate security controls are in place for all external partners.
Compliance and Auditing
  • Ensure that the organization is compliant with relevant industry standards, regulations, and frameworks, such as ISO 27001, NIST, SOC 2, etc.
  • Lead internal and external audits to evaluate and strengthen the effectiveness of the organization's cybersecurity practices.
  • Report on security compliance to internal and external auditors, as well as regulatory authorities.
Key Performance Indicators (KPIs):
  • Reduction in security incidents and breaches over time.
  • Successful completion of regular security audits and assessments.
  • Achievement of compliance with applicable laws and regulations.
  • Successful implementation of cybersecurity programs and initiatives.
  • Improvement in overall organizational security posture and risk mitigation.
Qualifications and Experience:
Education and Certification:
  • Bachelor's degree in Computer Science, Information Technology, or a related field (Master's degree preferred).
  • Industry-recognized certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
  • Relevant certifications in IT governance, risk management, and incident response (e.g., CISA, CRISC, CISM).
Experience:
  • Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
  • Proven experience in managing and implementing information security programs for large, complex organizations.
  • Strong understanding of regulatory requirements and compliance frameworks related to information security and data privacy (e.g., GDPR, POPI, SOX).
  • Experience in leading incident response and crisis management efforts, including coordinating with law enforcement and legal teams.
  • Demonstrated experience in managing a security operations team and aligning security initiatives with business goals.
Skills and Competencies:
  • Leadership: Ability to inspire and lead teams, develop talent, and drive security initiatives at all levels of the organization.
  • Strategic Thinking: Ability to develop and execute long-term cybersecurity strategies that align with organizational goals.
  • Communication: Strong verbal and written communication skills, with the ability to present complex security issues to non-technical stakeholders.
  • Problem Solving: Proven ability to analyze and address complex security challenges in a fast-paced environment.
  • Business Acumen: Understanding of how security risks intersect with business objectives, ensuring security efforts drive business value.
  • Collaboration: Strong interpersonal skills with the ability to work across departments and influence key stakeholders.

JobPlacements.com



Job Detail

  • Job Id: JD1409538
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Johannesburg, Gauteng, South Africa
  • Education: Not mentioned