IntroductionPlease do not contact any of the recruiters directly.Should your CV be successful, we will be in contact.If you have not received feedback in 2 weeks, please consider your application unsuccessful.Desired Experience & QualificationIT Security and GRC ManagerLocation: Johannesburg, GautengSalary: +/- 1.25 Mil Pa Depending on experienceThe core purpose of the role is to establish and maintain a framework that provides assurance that information security and strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through the adherence to policies and internal controls and provide assignment of responsibilities, all in an effort to manage risk.The role also includes ensuring compliance with all the relevant privacy regulations, coordination of IT audits and playing a key supporting role when it comes to disaster recovery planning and testing.Academic requirements3-year Degree in Computer Science or InformaticsCISSP, CISMITIL CertificationAdvantageous: Knowledge of ISO 27001/27002, NIST Cybersecurity Framework, POPIA.Preference for candidates with critical technical and leadership-oriented IT security certifications, such as CISA, CRISC, CISSP, CISM, or equivalent.Established experience in planning, organizing, and developing IT security teams and strategy.Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems, with preference in Microsoft Technologies.Expertise in leveraging cloud-based solutions necessary to enable the distributed enterprise.Ability to instil confidence in the business and demonstrate the business value of IT.Effective influencing and negotiation skills in an environment where resources may not be in direct control of this role.Excellent analytical, strategic conceptual thinking, strategic planning and execution skills.Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units.Success in leveraging both traditional best practices, such as IT Service Management practices based on ITIL, as well as emerging methods like DEV/SEC/OPS that are optimized for agility.Demonstrated ability to develop and execute a strategic people plan that ensures that the right people are in the right roles at the right time and that employees are highly engaged and satisfied.Strong vendor management and partner relationship skills.3 - 5 years proven track record in IT Security and GRC.3 - 5 years experience in governing a Microsoft environment.1 - 2 years in a senior leadership role, managing and growing a team within the IT Security and GRC.Experience in contract and vendor SLA management.Knowledge• Sound understanding of ITIL governance framework.• Sound understanding of ISO security standards.• Practical experience in the field of IT Security and GRC.• Sound knowledge of relevant legislations and security/governance standards.• Specialist understanding of:Email and Internet SecurityThreat and Vulnerability ManagementFirewall ManagementSIEM and SOC ManagementIdentity and Access ManagementSkillsGood communication skills to persuade & influence others effectively at all levels (externally and internally).The ability to translate business requirements into technical solutions to provide direction and support to technical staff.Highly developed interpersonal skills to manage service provider network effectively, handle conflict, including sensitivity to diversity.Advanced critical and analytical thinking & problem-solving skills to perform in-depth analysis of the IT environment.Above average numeric reasoning skills to draw logical conclusions from numerical information.Ability to multi-task.Ability to perform duties independently and under pressure.Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the security workforce.Personal AttributesGrowing and nurturing relationshipsPassion for optimizing business performanceStrong customer centricityPassion for leading others and instilling our cultureAnalyzing and solving problemsHigh sense of urgencyProactiveKey deliverables and outputs1. Governance and RiskMaintain all IT policies and related processes for annual reviews, stakeholder vetting and relevant Committee approvals.Responsible for 3rd party security risk management and oversight.Responsible for contract reviews with potential technology providers to ensure negotiated agreements include critical Information Assurance terms and conditions.Works with the senior leadership team on the service portfolio and governance requirements.Serves on IT planning and policymaking committees; drives the development of enterprise security technology standards, governance processes and performance metrics to ensure the services consistently deliver value to the enterprise.Coordinates annual independent assessments of external and internal information security capabilities and audits.2. Security GovernanceDrive the implementation of an application that will map out, report on, enforce, and alert around security and controls violations.Drive the implementation of an Identity and Access Management solution, including SoD analysis and automation.Own and direct the organization's approach to IT security.Coordinate Security User Awareness programmes within the organization.Manage and own the process of vulnerability assessments and penetration testing.Keeps abreast of any new vulnerabilities and security threats in order to ensure that the organization's assets are protected at all times.Coach and lead employees with respect to the delivery of the organization's GRC objectives.Continuously assess and align core and extended team member skills with strategic Security and Technology direction.Develop and maintain critical 3rd party partnerships to increase capacity and skill to meet demand.Gathers reports and analysis on service consumption and value delivered to the organization's customers to ensure SLAs are met.Partner with Security Governance team to supervise and carry out compliance with the organization's security policies and standards among employees, contractors and third parties responsible for Security Delivery.Participate in the Information Security Leadership Team, to ensure reliable service delivery and efficient use of all resources.4. Additional duties and responsibilitiesDraft and own all required and relevant IT policies, procedures and frameworks.Present all IT policies for Executive sign-off.Perform other duties or functions as requested by management.Internal customersAll internal business stakeholders (e.g. Senior Managers and EXCO) and Nebula Group staff.External stakeholdersExternal business stakeholders.IT service providers.Package & RemunerationSalary: +/- 1.25 Mil Pa Depending on experience
#J-18808-Ljbffr
