Information Security Officer

Reference: 5943 CDS
Consultant: Carina de Swardt

Job Description:

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that business, client and staff information assets are adequately protected.
  • Work directly with the business units to facilitate risk assessment and risk management processes.
  • Develop and enhance an information security management framework.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
  • Provide information security leadership to the business and Technology By Design team.
  • Partner with business stakeholders across the company to raise awareness of information risk management concerns and trends.
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems based on cyber trends and information
  • Educate staff, partners and clients about computer / mobile security and promote security awareness and security best practice protocols.
  • IT security systems administration – Act as system administrator for a variety of security-related systems, including but not limited to intrusion detection and prevention devices, connection loggers, vulnerability scanners, and network monitoring devices.
  • Ensure security is embedded in IT Systems and Network Infrastructure (Mobile, IS and Enterprise) across the organization.
  • Ensuring compliance and adherence to governing laws: POPIA and GDPR.
  • Ensuring that technologies, processes, and policies are aligned to industry best practices and ISO 27001.
  • Assist business units with information security risk assessments and external partner alignment to information security best practices.
  • Choose, implement, monitor and upgrade computer anti-virus and malware protection systems.
  • Upgrade systems regularly to remain competitive in the field of security.
  • Communicate the system status and keep users informed of downtime or changes and improvements to the systems.
  • Create and maintain appropriate documentation and processes.
  • Finding the best way to secure the IT infrastructure of an organization.
  • Identifying vulnerabilities in our current network.
  • Developing and implementing a comprehensive plan to secure our computing network.
  • Monitoring network usage to ensure compliance with security policies.
  • Keeping up to date with developments in IT security standards and threats.
  • Performing penetration, DR and backup tests to find any flaws.
  • Collaborating with management and the rest of Technology By Design team to improve security.
  • Documenting any security breaches and assessing their damage.
  • Educating colleagues about security software and best practices for information security.
  • Identify and develop areas where information security policies and procedures require creation or update; confer with management, developers, auditors, facilities and other business unit personnel to identify and security for data, software applications, hardware, telecommunications, and computer installations.
  • Plan, design and audit policies and procedures which safeguard the integrity of and access to systems and electronic information to guard information against accidental or unauthorized modification, destruction or disclosure.
  • Provide risk assessment and security briefings related to security issues; manage IT security awareness programs and activities, and advise resource owners on formation of appropriate security policies.
  • Provide education, awareness and training to community members.
  • Provide overall security program strategic direction to improve the information security posture and assurance level of the organization.
  • Assist in establishing clearly defined and documented scope, objectives, approach, plans and resource requirements.
  • Lead other staff members in the program design and to effect initiatives, programs or projects to meet those management and business objectives.
  • Make recommendations for improving controls and practices to reduce risks related to information security.
  • Assist with development and maintenance of Service Level Agreements and Operating Level Agreements.
  • Other duties as assigned.

Qualifications:

  • Information technology degree in the field of computer science or information security
  • 3+ years’ information security-related work experience
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
  • Knowledge of patch management, firewalls and intrusion detection/prevention systems (e.g. SCCM)
  • Knowledge and experience of Information Security Risk and Security governance; CCNA, CISSP, CISM or related certification is advantageous.
  • Knowledge of working with information security tools (e.g. firewalls, antivirus, network monitoring tools)
  • Experience dealing with Information Security Audits
  • Experience working with stakeholders
  • Strong process methods
  • Provide Cyber Security Guidance across functions and regions.
  • Drive remediation activities across the organisation's offices
  • Extensive experience in Information Technology, with a background in Security and Compliance
  • Professional information security certification.
  • Solid knowledge of various information security frameworks.
  • Excellent problem-solving and analytical skills.
  • Ability to educate a non-technical audience about various security measures.
  • Effective verbal and written communication skills.

How to Apply:

  • Email your comprehensive CV to exceedhr@exceed.co.za.
  • If you are already registered, please forward your CV and the relevant reference number to the consultant with whom you are currently registered in order to avoid duplication on our system.
  • We reserve the right to only conduct interviews with candidates of choice.
  • Applicants who have not received feedback within 30 days from the closing date must please accept their application as unsuccessful.
