Information Security Officer
- Johannesburg, Gauteng
- Permanent
- Full-time
- 7 years’ experience in Technology Security or Risk Management roles of which should include:
- 4 years in Technology Policy writing.
- 4 years’ experience in designing, implementing and closing Technology general control gaps.
- 3 years’ experience in directly assessing and communicating Risk Exposures and developing risk mitigation plans.
- 3 years’ experience in coordinating large projects or initiatives across multiple areas.
- 4 years’ experience in people management, including coaching and mentoring.
- IT Bachelor’s Degree or Degree in Computer Science or IT Best practise.
- Professional Registration or Membership- Information Security Forums, ISACA, ISC2 would be advantageous.
- Security related certification- advantageous.
- Implement the Technology Strategy & Innovation for your area of responsibility.
- Organize outputs aligned to the Technology risk strategy, internal controls and budget of internal resourcing and partnerships to assure Technology Compliance to best practise and regulatory compliance.
- Execute Analysis & Planning Activities.
- Research, develop and maintain a knowledge base of the IT threat landscape, security trending, regulatory requirements, mobile and other new technologies to mitigate and plan against threats.
- Implement the Design for your Area of Responsibility.
- Design and manage a roadmap for information security related to internal controls, compliance, regulatory and a proactive risk mitigation plan for the Technology department.
- Implement & execute on activities within your area of responsibility.
- Build and measure business relationships with key internal and external stakeholders to proactively consult and mitigate security threats.
- Develop and maintain an internal security audit framework to implement standards toward zero downtime and zero audit findings.
- Ensure risk and quality management.
- Consolidate and review monthly payments to vendor providing an analysis on the spend.
- Drive the proactive audit framework and compliance.
- Implement and manage the technology self-audit framework.
- Create and manage partnerships to manage, maintain and optimise Technology Risks toward a future focused innovative Strategy.
- Create awareness of IT Security good practices to the IT end user and technical community.
- Measure the effectiveness of the awareness plan through sampling, surveys, tests, attendance registers or change management initiatives.
- Create a Conductive environment which translates into productivity and high morale.
- Act as a change management architect in periods of change to ensure continuity to operations.