PurposeThe Information Security Manager serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies. A key element of this role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. The Information Security Manager will work closely with the Head of IT and must have a strong working knowledge of information technology.Key ResponsibilitiesDaily operations of the IT security program as well as establishing and maintaining the right levels of cybersecurity baseline and audit controlsIs responsible for initial and periodic information security risk assessment/analysis, mitigation, and remediationDevelop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management programWork directly with the business units to facilitate risk assessment and risk management processesDevelop and enhance an information security management framework and ensure the consistent application of policies and standards across all technology projects, systems, and servicesSetup a companywide cybersecurity dashboard to monitor and track all baseline controls, coordinate weekly and monthly review sessions, and ensure deliveryProvide cybersecurity leadership across the organizationPartner with business stakeholders across the company to raise awareness of risk management concernsAssist with the overall business technology planning, providing a current knowledge and future vision of technology and systemsSetup and maintain appropriate capabilities to continuously monitor all systems for potential attacks and be able to immediately analyse any cybersecurity incidents and respond to block any infiltration and protect information and dataEvaluates security trends, evolving threats, risks, and vulnerabilities and apply tools to mitigate risk as necessary.Work closely with all resilience and DRP functions/coordinators to ensure the resilience of all BCP functions against cybersecurity incidents.Collaborates with organization senior management, Privacy Officer, and Corporate Compliance Officer to establish governance for the security programMaking sure the company is compliant with local, national, and global regulations, especially in areas like privacy, health, and safety.Initiates facilitate and promote activities to foster information security awareness within the organizationCreates a culture of cybersecurity both with the IT organization and driving behavioural changes for the business. Serves in a leadership role for security complianceCollaborate with leadership and business stakeholders to develop an annual operational plan in line with the strategyDevelop, collaborate and facilitate policy development and implementationConduct due diligence of internal and external partiesImplement and maintain Service Level agreements with external parties to ensure that quality of service is maintainedManage third party supplier and supplier riskProvide governance and regulatory advisory services to business unitsCollaborate with team to identify risks for emerging technologies and ensure alignment to relevant legalisation or the changesMonitor and analyse technology risk trends and advise, plan and execute mitigation or remedial actionsPerform performance management, through KPIs and performance appraisalsMentor and coaching of staffQualificationsDegree in Information Technology related field required.Professional security management certificationExperienceMinimum Of 6 years of experience in IT-related jobsMinimum Of 4 years of experience in a combination of risk management and information security management jobsExperience with contract and vendor negotiations and management including managed services.Specific experience in Agile (scaled) software development or other best in Class development practices.Experience with Cloud computing/Elastic computing across virtualized environmentsKnowledgeKnowledge Of common information security management frameworks, such Innovative thinking and leadership with an ability to lead and motivate crossas ISO/IEC 27001, and NIST. functional, interdisciplinary teamsExcellent written and verbal communication skills and a high level of personal integrityShould you not receive a response from us within one week of your application, your application has unfortunately not been successful.
