Minimum Job Requirements: Security expert with, aligned industry qualification (CISSP, CISM, CRISC). Experience in performing security assessments against frameworks such as ISO27001, NIST CSF, CIS, GDPR, etc. Proven track record in data security and governance. Experience of risk management principles, implementing risk frameworks and executing security risk assessments based on security best practices (e.g., ISO 27005, ISO3100, etc.) across large, Global businesses. Good understanding of IS risks, issues and controls associated with IT systems, networks and applications that are commonly encountered within a large Global organisation. Experience in performing audits over IS processes and controls. Extensive travel required into Africa operations. Competencies: Ability to develop and co-ordinate programmes of work across multiple divisions, functions, and business units. Previous experience of working with Legal, Audit and Compliance teams. Excellent verbal and written skills, including the ability to draft concise, and accurate reports. Experience of project delivery processes/methodologies and ensuring data security by design. Strong team building, leadership, motivation and communication skills to work as an effective member of the GRC team. Key Performance Areas: Thought leadership, influences, and delivers Cyber Risk Assurance. Plan and execute assessments against industry best-practice frameworks (NIST, ISO, etc.). Plan and execute compliance assessments of Group IS policy. Accountability to the operational areas, owners of risk and suppliers to deliver against the Group Cyber-Security (GCS) strategy, programmes, and requirement. Support the creation and implementation of an enhanced Cyber Risk Management framework for the Group. Work closely with the GRC Manager and key stakeholders to support businesses in identifying, assessing, and managing their cyber risks. Ensure consistent and continual alignment to the business and GCS strategy through oversight of a Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting. Monitor and drive rollout of the cyber governance, risk, and compliance programme for information security. Support the collation of cyber risks for reporting to the Board. Support the maintaining of information security policy set for the Group. Work closely with the Head of GRC and GRC Manager to continuously improve Group IS policies and guidelines. Support the adoption and maintenance of a GRC platform. Advise on exceptions to Group information security policies. Track/approve exceptions which impact multiple BUs or present a risk to the Group. Provide support, advice and guidance to Group businesses to help them maintain robust IS controls to protect restricted and confidential data. Support the businesses in performing post incident reviews for impactful incidents across the Group, ensuring that a detailed analysis of root cause, detection, response, and recovery activities is performed appropriately. Help facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the Group. Support the facilitation of crisis simulations and help the businesses prepare for a major incident. Monitor Global information security trends, technologies, and regulations to ensure these are considered in Group initiatives and business unit programmes to protect data. Work with Group Legal to understand the IS implications of new legislation and support businesses to ensure appropriate programmes of work are in place to respond. Lead or support Group initiatives to help businesses address common areas of risk and avoid a duplication of effort.
