Information Security Manager (ISM)

Johannesburg, Gauteng, South Africa

Job Description


Job Title: Information Security Manager (ISM)
Job Type: Permanent
Job Industry: NGO - Health Sector
Location: Parktown, Johannesburg

MAIN JOB PURPOSE:
The Information Security Officer (ISM) is accountable for ensuring appropriate controls are in place for the security of information assets. The ISM safeguards information by seeing that security risks are identified, assessed, and accurately reported. Additionally, the ISM is charged with ensuring local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines, and standards. The ISM is the centre of competence for Information Security, providing an advisory services role and acting as the focal point for security compliance-related activities and responsibilities.

KEY DUTIES AND RESPONSIBILITIES:
1. Essential Duties & Responsibilities:

  • Promote and manage IT security and privacy awareness training and education for administrators, teachers, and staff, as well as create proper security incident notification protocols.
  • Promote the company's culture, purpose, vision, and basic values.
  • Must be able to transform the business's IT-risk-based needs and restrictions into technical control requirements and specifications, as well as generate metrics for continuous performance and management.
  • Coordinate technical operations within the IT organisation to develop and manage the IT security infrastructure, and provide management with frequent status and service-level reports.
2. Strategic & Operational Support:
  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that information assets are adequately protected.
  • Work directly with the business units to facilitate risk assessment and risk management processes.
  • Work closely with the Head of IT and regional IT Team to ensure that IT security measures are built into all internal, interfaced and 3rd party systems housing confidential/private data.
  • Develop and enhance an information security management framework.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
  • Provide leadership to the enterprise's information security organisation.
  • Partner with business stakeholders across the company to raise awareness of risk management concerns.
  • Assist with the overall business technology planning, providing current knowledge and future vision of technology and systems.
  • Provide a coordinated response to sophisticated cyber-attacks; detect threats and establish appropriate defensive mechanisms, review system modifications for security implications, and recommend upgrades.
  • Conduct vulnerability assessments to detect current or possible breaches of electronic data and information systems, as well as their origins; coordinate IT investigations with relevant audit, regulatory, and law enforcement organisations.
  • Proactively monitor systems reports for access control violations/intrusion detection, cybersecurity concerns, and malware threats.
  • Maintain an information security knowledgebase, including security advisories and warnings for both IT and the broader employee population.
  • Ensure that audit trails, system logs, and other monitoring data sources are checked on a regular basis and adhere to policies.
3. Security Liaison:
  • Assist employees and IT departments in recognizing and addressing security issues and security audit concerns.
  • Work with department leaders from IT, HR, Marketing, Compliance, and Finance to educate them on security risks and controls, as well as discover new risks and suitable controls.
  • Collaborate with the Head of IT and the IT team to create, report, and monitor a security performance dashboard for the IT Management Committee and IT regions.
4. People Management:
  • Managing the day-to-day activities of the Security team.
  • Motivating the team to achieve organizational goals.
  • Delegating tasks to team members.
  • Conducting training of team members to maximize their potential.
  • Empowering team members with skills to improve their confidence, product knowledge, and communication skills.
  • Conducting quarterly and annual performance reviews.
QUALIFICATIONS, SKILLS, AND EXPERIENCE REQUIREMENTS:
1. Minimum Qualification and Knowledge:
  • University degree in the field of computer science and information security.
  • Honours degree would be an advantage.
  • 3+ years security-related or ISM work experience.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
  • Knowledge and experience of Information Security Risk and Security Governance.
  • CISSP, CISM or related certification is a definite plus.
2. Essential Skills & Experience:
  • Experience dealing with Audits.
  • Experience working with stakeholders.
  • Strong process methods.
  • Provide Cyber Security Guidance across functions and regions.
  • Drive remediation activities across all offices.
  • Extensive experience in Information Technology, with a background in Security and Compliance.
PACKAGE & REMUNERATION:
  • Will be agreed based on qualifications, applicable experience, and previous earnings.

ExecutivePlacements.com



Job Detail

  • Job Id
    JD1311348
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Johannesburg, Gauteng, South Africa
  • Education
    Not mentioned