Introduction
Please do not contact any of the recruiters directly.
Should your CV be successful, we will be in contact.
If you have not received feedback in 2 weeks, please consider your application unsuccessful.
Desired Experience & Qualification
IT Security and GRC Manager
Location: Johannesburg, Gauteng
Salary: +/- 1.25 Mil Pa Depending on experience
The core purpose of the role is to establish and maintain a framework that provides assurance that information security and strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through the adherence to policies and internal controls and provide assignment of responsibilities, all in an effort to manage risk.
The role also includes ensuring compliance with all the relevant privacy regulations, coordination of IT audits and playing a key supporting role when it comes to disaster recovery planning and testing.
Academic requirements
- 3-year Degree in Computer Science or Informatics
- CISSP, CISM
- ITIL Certification
Advantageous:
- Knowledge of ISO 27001/27002, NIST Cybersecurity Framework, POPIA.
- Critical technical and leadership-oriented IT security certifications, such as CISA, CRISC, CISSP, CISM, or equivalent.
- Established experience in planning, organizing, and developing IT security teams and strategy.
- Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems, with preference in Microsoft Technologies.
- Expertise in leveraging cloud-based solutions necessary to enable the distributed enterprise.
- Ability to instill confidence in the business and demonstrate the business value of IT.
- Effective influencing and negotiation skills in an environment where resources may not be in direct control of this role.
- Excellent analytical, strategic conceptual thinking, strategic planning and execution skills.
- Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units.
- Success in leveraging both traditional best practices, such as IT Service Management practices based on ITIL, as well as emerging methods like DEV/SEC/OPS that are optimized for agility.
- Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied.
- Strong vendor management and partner relationship skills.
- 3 - 5 years' proven track record in IT Security and GRC.
- 3 - 5 years' experience in governing a Microsoft environment.
- 1 - 2 years in a senior leadership role, managing and growing a team within IT Security and GRC.
- Experience in contract and vendor SLA management.
Knowledge
- Sound understanding of ITIL governance framework.
- Sound understanding of ISO security standards.
- Practical experience in the field of IT Security and GRC.
- Sound knowledge of relevant legislation and security/governance standards.
- Specialist understanding of:
  - Email and Internet Security
  - Threat and Vulnerability Management
  - Firewall Management
  - SIEM and SOC Management
  - Identity and Access Management
Skills
- Good communication skills to persuade & influence others effectively at all levels (externally and internally).
- The ability to translate business requirements into technical solutions to provide direction and support to technical staff.
- Highly developed interpersonal skills to manage the service provider network effectively and handle conflict, including sensitivity to diversity.
- Advanced critical and analytical thinking & problem-solving skills to perform in-depth analysis of the IT environment.
- Above average numeric reasoning skills to draw logical conclusions from numerical information.
- Ability to multi-task.
- Ability to perform duties independently and under pressure.
- Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce.
Personal Attributes
- Growing and nurturing relationships.
- Passion for optimizing business performance.
- Strong customer centricity.
- Passion for leading others and instilling our culture.
- Analyzing and solving problems.
- High sense of urgency.
- Proactive.
Key Deliverables and Outputs
1. Governance and Risk
- Maintain all IT policies and related processes for annual reviews, stakeholder vetting and relevant Committee approvals.
- Responsible for 3rd party security risk management and oversight.
- Responsible for contract reviews with potential technology providers to ensure negotiated agreements include critical Information Assurance terms and conditions.
- Works with the senior leadership team on the service portfolio and governance requirements.
- Serves on IT planning and policymaking committees; drives the development of enterprise security technology standards, governance processes and performance metrics to ensure the services consistently deliver value to the enterprise.
2. Security Governance
- Drive the implementation of an application that will map out, report on, enforce, and alert around security and controls violations.
- Drive the implementation of an Identity and Access Management solution, including SoD analysis and automation.
- Own and direct the organization’s approach to IT security.
3. Additional Duties and Responsibilities
- Draft and own all required and relevant IT policies, procedures and frameworks.
- Present all IT policies for Executive sign-off.
- Performing other duties or functions as requested by management.
Package & Remuneration
Salary: +/- 1.25 Mil Pa Depending on experience