Promote and manage IT security and privacy awareness training and education for administrators, teachers, and staff, as well as create proper security incident notification protocols.
Promote the company's culture, purpose, vision, and basic values.
Must be able to transform the business's IT-risk-based needs and restrictions into technical control requirements and specifications, as well as generate metrics for continuous performance and management.
Coordinate technical operations within the IT organization to develop and manage the IT security infrastructure, and provide management with frequent status and service-level reports.
Strategic & Operational Support:
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that information assets are adequately protected.
Work directly with the business units to facilitate risk assessment and risk management processes.
Work closely with the Head of IT and regional IT Team to ensure that IT security measures are built into all internal, interfaced and third-party systems housing confidential/private data.
Develop and enhance an information security management framework.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Provide leadership to the enterprise's information security organisation.
Partner with business stakeholders across the company to raise awareness of risk management concerns.
Assist with the overall business technology planning, providing current knowledge and future vision of technology and systems.
Provide a coordinated response to sophisticated cyber-attacks; detect threats and establish appropriate defensive mechanisms, review system modifications for security implications, and recommend upgrades.
Conduct vulnerability assessments to detect current or possible breaches of electronic data and information systems, as well as their origins; coordinate IT investigations with relevant audit, regulatory, and law enforcement organisations.
Proactively monitor systems reports for access control violations/intrusion detection, cybersecurity concerns, and malware threats.
Maintain an information security knowledgebase, including security advisories and warnings for both IT and the broader employee population.
Ensure that audit trails, system logs, and other monitoring data sources are checked on a regular basis and adhere to policies.
Security Liaison:
Assist employees and IT departments in recognizing and addressing security issues and security audit concerns.
Work with department leaders from IT, HR, Marketing, Compliance, and Finance to educate them on security risks and controls, as well as discover new risks and suitable controls.
Collaborate with the Head of IT and the IT team to create, report, and monitor a security performance dashboard for the IT Management Committee and IT regions.
People Management:
Managing the day-to-day activities of the Security team.
Motivating the team to achieve organizational goals.
Delegating tasks to team members.
Conducting training of team members to maximize their potential.
Empowering team members with skills to improve their confidence, product knowledge, and communication skills.
Conducting quarterly and annual performance reviews.
Requirements
University degree in the field of computer science and information security.
Honours degree would be an advantage.
3+ years of security-related or ISM work experience.
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Knowledge and experience of Information Security Risk and Security Governance.
CISSP, CISM or related certification is a definite plus.