Information Security Manager, Bryanston

Our Client a Global Tech firm is seeking an Information Security Manager to join their team in Sandton. They offer stability, growth, attractive salary along with excellent benefits and a great working environment.

As an Information Security Manager, you'll be responsible for the security of the organisation's information assets. You will develop and implement a strategy to protect sensitive data from loss or theft while ensuring that business operations are not disrupted.

Job Description

1. Information Security Management has the responsibility to work closely with the Information Security Office (CISO) team to contribute in developing and enhancing the global Information Security Strategy and will have the responsibility and accountability for translating, directing, and implementing the global Information Security strategy across the organisation. Incumbents within this role are responsible for technical leadership within the Information Security function and liaising closely with other managers on matters of Information Security. Information Security Management is responsible for safeguarding against current and future security risks. This role collaborates with other key stakeholders and the broader company Information Security community to establish the vision, tenets, and comprehensive security strategy to mitigate risks. They will leverage their technical expertise and strong business acumen to define objectives, priorities, and establish appropriate milestones and actions to ensure the reduction of risk through the implementation of security controls and recommended mitigation strategies are delivered on, as committed to key senior management.

Requirements

1. Manages the development, deployment and execution of controls and defences to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems.
2. Identifies cybersecurity architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems.
3. Establishes and implements operational policies and appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements.
4. Monitors systems for cybersecurity vulnerabilities, threats and events, oversees incident response planning, and leads vulnerability audits and forensic investigations.
5. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers.
6. Develops and executes security systems compliance policies and procedures. Selects, develops and evaluates personnel to ensure the efficient operation of the function.

Key Roles and Responsibilities:

1. Provide line management and mentorship of a team of Security Engineers, Security Consultants, Security Architects and DevSecOps Engineers
2. Define the overall strategic security architecture vision in conjunction with the CSO – TPS
3. Provide technical leadership on security initiatives
4. Provide leadership and direction for the TPS Information Security staff embedded and distributed throughout the organisation
5. Lead cross-functional teams in implementing Information Security
6. Liaise with and provide SME advice on Information Security matters such as BAU security activities, emerging security risks and relevant security controls, across the TPS functions (such as Research & Development, Corporate IT Management, Governance, Risk & Compliance Management, HR and Legal, Product Engineering, Product Management and Operations) in addition to senior management, department heads and managers as necessary
7. Work with department heads and other managers to champion the priority of security initiatives
8. Deliver a “Center of Excellence” for Information Security, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively
9. Provide leadership and strategic direction for the function, ranging from planning and budgeting to the value of Information Security & Certifications
10. Build a culture of security and create a compelling security vision and strategy for the company
11. Develop a layered defence strategy to protect our assets
12. Function as an internal consulting resource on Information Security issues and incidents
13. Provide strategic security oversight and risk guidance for projects and products, including the evaluation and recommendation of technical controls and solutions
14. Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through Security reviews and controls implementation
15. Oversight of Threat & Risk Assessments, Security Architecture design reviews, and project security reviews, ensuring key applications and products are assessed for risk
16. Help ensure compliance with applicable data security laws, regulations, and customer requirements
17. Develop, manage, and execute the TPS' Information Security budget in collaboration with business stakeholders
18. Security Architecture function:
19. Commission Information Security risk assessments and controls selection activities
20. Commission ongoing review and analysis of internal and external security risks/vulnerabilities, and develop/implement cost effective, proactive risk mitigation programs
21. Security Engineering (build) function:
22. Commission Information Security controls build processes for Security controls, client-build and new services build activities
23. Security Assurance function:
24. Oversight in implementing and maintaining Application Security tools, processes and best practices
25. Commission Security Testing (penetration testing) for new projects, compliance and annual BAU testing
26. Commission Vulnerability Management for new projects, compliance and ongoing BAU activities
27. Use an integrated risk management approach to create executive-level perspectives on, and status reports about, all security risks
28. Work with other members of the TPS management team to establish appropriate priorities for security-related objectives such as resiliency, continuity, recoverability, and defensibility against risks
29. Orchestrate and harmonise security-related business process standardisation, normalisation, documentation, and continuous improvement across services

Knowledge, Skills and Attributes:

1. Excellent team player and corporate citizen
2. Excellent communication skills – both written and verbal
3. Excellent presentation skills
4. Innovative with a solid client orientation aptitude
5. Ability to train and coach teams
6. Excellent service consulting aptitude focussing on the business, service and sales aspects
7. Technology specialist who provide senior mentorship, thought leadership and technical guidance to stakeholders & solution architects, specialists, developers and business development managers
8. Ability to use previous technical project lead experience to guide successful implementation of a system solution
9. Impeccable attention to detail with the ability to translate internal customer requirements into solutions
10. Resourceful and confident in order to handle pressure in critical situations, ensuring that the client (internal and external) requirements are met
11. Articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff
12. Solid understanding of security practices in a cloud (public/private) world
13. Highly developed technical capability across a broad range of Security products/solutions
14. Ability to map business needs to technology solutions
15. Solid understanding of information technology and Information Security
16. Solid understanding of security risks and preventative controls
17. Solid understanding of security operational processes and controls
18. Interpersonal skills with the ability to develop strong relationships
19. Ardently attuned to security news, trends, risks, and events and be able to understand vulnerabilities and exploit code sufficiently to understand security implications and assess their impacts
20. Ability to remain relevant in security threats, countermeasures, security tools, and network technologies
21. Motivated with the drive to succeed
22. A strong client service orientation
23. Ability to negotiate and influence
24. Good project, analysis, problem-solving, and business relationship skills

Qualifications

1. Bachelor's degree in Computer Science or a related field required
2. Bachelor's in Computer Science or equivalent degree together with specialised training in new technologies and legacy systems
3. CISSP or equivalent certification (Highly Desirable)
4. SABSA or TOGAF certification (Highly Desirable)
5. Extensive experience in the Technology Information Security Industry
6. Demonstrable experience in a similar role
7. Demonstrable experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation