Detail:

Responsibilities:

Operational
Ensure that all policies developed are in line with contractual, legislative and industry best practice
Ensure that all policy exceptions are documented and tracked through their risk life cycle
Drive implementation and policy compliance across all business units
Create and roll out an awareness program
Define and measure metrics to ensure awareness programs are effective
Establish and implement an information security risk management framework
Manage and maintain an information security risk register that documents, evaluates, and tracks all information security risks and feeds into the organisational risk register
Oversee, identify, and manage all related operational costs in accordance with financial policies, procedures, processes, the prescribed schedule of payments, and procurement and subcontractor management policies and procedures
Establish and maintain appropriate internal controls and reporting systems to meet performance expectations
Ensure operating efficiencies through enhanced resource management and budget control

Key Service Area
Ensure that there are regular information security audits and penetration testing at the various levels of application, database, policy, etc.
Ensure that all contracted security requirements are fulfilled
Control the management of organisational risks through monitoring and reporting mechanisms
Review the Business Continuity and Disaster Recovery plans annually to ensure all tasks are correctly assigned and are implementable by designated personnel
Monitor compliance with organisational policies and procedures and adherence to all statutory and regulatory requirements prescribed for overall corporate governance

Reporting
Compile and submit reports on policy compliance levels per business unit
Compile and submit the Information Security Management report to SSC
Compile and submit a report on information security risks and remediation plans

People Management
Manage employees directly under supervision and maintain the effective utilisation and discipline required to achieve business objectives
Create an enabling environment that facilitates effective performance by direct reports and instils behaviour that supports the organisational values
Provide access to skills development and capacity building opportunities
Requirements:

Matric
Relevant undergraduate degree/diploma and/or certificate
Certification or completion of CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer and/or CompTIA Security+
Strong technical background in systems and network security
Project Management skills (ability to plan, organize, coordinate, and implement)
Experience in the compilation of management reports
Understanding of, and practical experience in applying, the Data Protection Act, the Freedom of Information Act and other related legislation, standards and codes of practice