Posted By
P G Ganesh
Vice President/Partner at Perfect Placer Management Consulting
Last Login: 22 November 2024
Posted in
IT & Systems
Job Code
1284794
Head Information Security
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
- Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines.
- Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Develop and manage information security budgets, and monitor them for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Develop and enhance an information security management framework based on the National Information Assurance Policy.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
- Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.
Security Liaison
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
- Manage security issues and incidents, and participate in problem and change management forums. Ensure timely reporting and adequate participation in the investigation of ICT security incidents.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
Architecture/Engineering Support
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Operational Support
- Coordinate, measure and report on the technical aspects of security management.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Qualification And Experience:
1. A minimum of 20 years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
2. Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
3. The ability to interact with Co's personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
4. Knowledge and understanding of relevant legal and regulatory requirements.
5. Previous experience in IT Operations/Helpdesk Management, Cloud deployments, DevOps & end-to-end ITIL services.
6. Experience in deploying, provisioning & managing high-throughput, high-availability services on Azure, AWS & Google.
7. Excellent business acumen and interpersonal skills; able to work across business lines at senior levels to engage, influence and effect change to achieve common goals.
8. Analytical skills: outstanding analytical and problem-solving abilities.
9. Demonstrates an understanding of the existing systems and technologies of the organizations. Works with technology stakeholders to identify and prioritize opportunities for innovation in the existing systems and technology.
10. Excellent written, verbal, communication and presentation skills with the ability to articulate new ideas and concepts to technical and nontechnical audiences.
11. Excellent planning and organizational skills, with knowledge of business models, operating models, financial models, cost-benefit analysis, budgeting and risk management.
12. Understand and speak the language of the business.
Remuneration:
An outstanding remuneration package that rewards professionalism and diligence will be on offer for the successful applicant as well as a well-defined career path. An excellent package will be on offer for the right candidate, including an above industry base salary for the right person as well as the most complete employee benefit scheme. Don't miss out on this opportunity to join the market leader.