General Manager: Cyber and Information Security (CISO)

The South African National Roads Agency • Full-time • Pretoria, Gauteng, South Africa • 12h ago

Job Location : Gauteng, Pretoria Deadline : January 04, 2025 Quick Recommended Links

MINIMUM REQUIREMENTS

NQF Level 8 qualification: Computer Science / Information Technology or equivalent.
Certification on either: CISSP / CISA / CISM / COBIT.
10y ears experience in a related work environment with specific experience in Information Security, IT Risk, IT Governance, security assessments, security audits and Compliance, of which 5 years must have been at a senior management level.
Illustrated experience in leading a team on projects.

ADVANTAGEOUS

TECHNICAL COMPETENCIES

Extensive technical knowledge of information technology and general ICT services, solutions, systems and processes.
Extensive knowledge of Enterprise Architecture Planning, solution design, development and operations with respect to security.
Solid understanding of Operating System Security, Network Security, Application and Mobile Security that includes threat and controls
Extensive experience across threat and vulnerability management, including perimeter security, DLP and Identity Management.
Extensive knowledge of industry trends and best practices to protect company data by applying data security management principles, policies and processes.
Knowledge of the latest technological trends to promote new technologies within the organization and suggest changes to the present framework.
Extensive knowledge of Contract Management and subcontractor engagement processes.

Strategy Development, Security Policies, Guidelines and Processes

Establish, implement and monitor Cyber and Information Security Strategy in line with SANRAL business strategy (Horizon 2030) and SANRAL ICT strategy.
Set objectives for ICT security policies.
Periodically review audit results.
Performance management within the Applications and Infrastructure management team.
Analyse industry and technology trends and advancements to determine potential impact upon the security landscape of the enterprise.
Define and implement business continuity management plan to maintain and architect effective disaster recovery measures.

Information Security Architecture and IT Governance

Define IT governance structures in support of the ICT Strategy and to ensure alignment of ICT to business.
Define and implement Information Security Architecture, principles, tools and technologies; and
Define and implement IT governance processes.

IT Risk Management

Develop IT Risk Management framework, policies and procedures.
Ensure system security within ICT business units complies with audit and information security expectation.
Conduct ICT Risk and vulnerability self-assessment.
Co-ordinate IT Audit and Risk feedback; and
And Ensure ICT disaster recovery is in place and tests are conducted regularly in accordance with business continuity management plans.