Information Security Officer
LINKFIELDS INNOVATIONS (PTY) LTD
- Kimberley, Northern Cape
- Permanent
- Full-time
- Develop information security plans aligned with business goals and objectives.
- Identify current and potential legal and regulatory requirements affecting information security.
- Identify drivers affecting the company (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
- Obtain senior management commitment to information security.
- Define roles and responsibilities for information security throughout the company.
- Establish internal and external reporting and communication channels that support information security.
- Establish a process for information asset classification and ownership.
- Implement a systemic and structured information risk assessment process.
- Ensure that business impact assessments are conducted periodically.
- Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
- Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
- Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., procurement).
- Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.
- Develop and maintain plans to implement the information security strategy.
- Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
- Identify internal and external resources (e.g., finances, people, equipment, systems) required to execute the security program.
- Ensure the development of information security architectures (e.g., people, processes, technology).
- Establish, communicate, and maintain information security policies that support the security strategy.
- Design and develop a program for information security awareness, training, and education.
- Ensure the development, communication and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
- Integrate information security requirements into the company processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement).
- Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
- Establish metrics to evaluate the effectiveness of the information security program.
- Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
- Ensure that processes and procedures are performed in compliance with the company's information security policies and standards.
- Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
- Ensure that information security is an integral part of the systems development processes and acquisition processes.
- Ensure that information security is maintained throughout the company's processes and life cycle activities.
- Provide information security advice and guidance (e.g., risk analysis, control selection) in the company.
- Provide information security awareness, training, and education (e.g., business process owners, users, information technology) to stakeholders.
- Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
- Ensure that noncompliance issues and other variances are resolved in a timely manner.
- Develop and implement processes for preventing, detecting, identifying, analyzing, and responding to information security incidents.
- SPU REFERENCE: RFQ: SPU-CIO-MS-2024-01
- Develop plans to respond to and document information security incidents.
- Establish the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
- Develop a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
- Integrate information security incident response plans with the company disaster recovery and business continuity plan.
- Organize, train, and equip teams to respond to information security incidents.
- Periodically test and refine information security incident response plans.
- Manage the response to information security incidents.
- Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.
- Relevant Degree/Diploma in ICT. CISA certification advantageous.
- Willingness to work outside normal hours.
- 5 to 7 years of related experience.
- Proficiency with enterprise information systems, file servers, networked data storage, application software, scripting and programming languages, data communication devices, and disaster recovery utilities
- Knowledge of current systems and network technologies and standards and their practical application in the enterprise environment
- Good understanding of IT Governance frameworks and legislation
ExecutivePlacements.com