Posted on: 24 July 2023
ID 873730

Information Security Manager

EMPLOYMENT TYPE:

Permanent

COMPANY:

International UCM company

LOCATION:

Cape Town (On-site working on hybrid model)

JOB OVERVIEW:

The company has acquired access to a number of technological solutions in response to market demands and provides software services to globally managed service providers, and large enterprises, either directly or through partner and reseller channels. One of the company's strategic objectives is to transition from customer-hosted, on-premise solutions to the company's cloud-hosted solutions. As regulatory and cyber security requirements have become a permanent standard and the continuous evolution of these requirements must be considered and incorporated within our business processes and procedures, the company is committed to evolving, improving, and maturing its information security practices and has an objective of aligning and certifying with ISO27001 or SOC2, whilst tactically also complying with various customer requirements pertaining to information and data security.

DESCRIPTION OF POSITION:
  • The Information Security Manager will be responsible for reviewing the existing status and what has been set up to date and then working with the current team involved in the initiative to develop, implement, and manage the Information Security Program (ISP).
  • This role requires a strong project management background, an understanding of software development processes, and a comprehensive knowledge of information security best practices, specifically related to cloud-hosted services.
  • The Information Security Manager will be expected to take ownership of internal and external programs and will collaborate with cross-functional teams to identify risks and implement security measures whilst ensuring compliance with relevant industry standards and regulations.
  • All information and data security-related requests received from customers will be owned and managed by the Information Security Manager, who will take the lead in the analysis, data collection and collaboration, preparation, and responses to such requests.
  • You will also be responsible for monitoring, investigating, and responding to security incidents and providing guidance and training to employees regarding information security protocols and processes.
  • The ideal candidate must have expert knowledge and proven experience in the information and data security space, with the proven ability to own and deliver a company-wide information and data security program.
  • Given the distributed nature of the company's workforce, the candidate should possess expert collaboration and influencing skills and must have the capacity to effectively communicate their ideas, opinions, and recommendations in a compelling manner to garner support and agreement from the company's Executive team and other business unit leaders.
    • These skills encompass various elements, such as effective communication, building rapport, presenting logical arguments, addressing objections, and showcasing the value and benefits of their proposals with the objective of achieving desired outcomes in collaboration with the company's Executive team.
  • The candidate must have strong project management skills, and be a self-starter with proven, referenceable ability to successfully deliver projects and programs within complex and distributed environments.
  • It is highly advantageous for the candidate to have previous experience in the process of certification with standards such as ISO27001 or SOC2 and will provide leadership and guidance through the process of acquiring auditors, performing assessments, prioritizing, planning, and gaining scope and budget approval for related remediation activities.
  • The successful candidate will be responsible for remaining up to date with the latest information security regulations and will have a proven ability to educate and guide business unit leaders on best practices, trends, and potential risks and threats.
  • The successful candidate will take ownership of the management and maintenance of a central risk register.
    • This should include a prioritized gap analysis register, a remediation plan, and comprehensive details on compliance, best practices, and related matters.
  • The Information Security Manager will act as the Data Protection Officer (DPO) and should display the ability to manage critical escalations as part of the response procedures during information or data breach incidents.
  • Importantly, the Information Security Manager will need to be commercially mature to ensure the company gets a sensible balance between a high enough level of the implemented level of security to meet the market demands and not embarking in a direction to try to deliver an all-embracing, perfect outcome.
The Information Security Manager's initial focus areas will include:
  • Initial fact-finding, investigation, and assessment
  • Perform a gap analysis to determine the current state of compliance as measured against the industry standard information security best practices
  • Evaluate, and prioritize critical areas of non-compliance
  • Document, plan, and gain approval for the remediation of issues identified ISO27001 (or equivalent) certification
  • Engage consultants and lead the certification process
  • Review outcome and develop a remediation plan to ensure certification standards are met
  • Own the implementation of an approved remediation plan
  • Secure certification
  • Reporting
  • Develop reporting capabilities to clearly articulate the information and data security status, incorporating a central risk register.
  • Customer information security questionnaires
  • Ownership of all customer questionnaires, including the acceptance, draft, review, cross-team collaboration, and final response.
KNOWLEDGE AND SKILLS:
  • Proven success in a similar role.
  • A strong customer-centric and pragmatic approach.
  • Excellent, proven problem-solving skills.
  • A strong commercial approach and the ability to budget and track both costs and benefits
  • Great attention to detail.
  • Proven ability to get things done - be very outcome focused in the approach whilst measuring progress and success.
  • Experience working collaboratively with executives and teams in a matrix-style environment, with the ability to influence, lead and guide executives and teams on information and data security-related topics.
  • Strong leadership abilities, with a track record of driving change and building a culture of security awareness.
  • Proficient knowledge of data security best practices, industry standards, and frameworks (e.g. ISO 27001, SOC 2).
  • Highly regarded communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders, both internally and externally.
  • Familiarity with privacy regulations (e.g., GDPR, CCPA) and experience in ensuring compliance.
  • Strong project and program management skills with a proven ability to deliver complex programs spanned across cross-functional teams within a distributed workforce.
  • Strong understanding of software development processes, as well as processes related to the wider business, including a good understanding of the concepts and implementation requirements related to the technical and operational measures required to ensure compliance (including secure coding practices, secure SDLC concepts, access control, etc.).
  • Familiarity with cloud security architecture and best practices for securing cloud services.
  • Comprehensive understanding of security controls, such as firewalls, intrusion detection systems, data encryption, access controls, and identity management.
  • Strong administrative skills with the proven ability to develop and maintain policies, guides, training material, and documentation related to information and data security practices within the Company's environment.
On the personal side:
  • This individual should be results driven and have energy and persistence.
  • The candidate should be a competent and confident global player, will need to be respected at all levels within the organization and their personal integrity and effectiveness must be undoubted.
  • The successful candidate will be highly competent, self-motivated, responsible, and able to work under pressure and flexible hours to fit in with the international structure of the Company.
  • They require exceptional communication skills (written and verbal), proven leadership capabilities, sound decision-making skills, and excellent analytical and problem-solving skills, with a focus on understanding the root cause of an issue
QUALIFICATIONS REQUIRED:
  • Bachelor's or master's degree in Computer Science, Information Security, or the equivalent in a related field.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM), or other relevant certifications.
EXPERIENCE REQUIRED:
  • 6+ years experience in Information Security Management, preferably within a software development environment.
  • Experience managing programs for certification with ISO 27001 or SOC 2.
  • Proven experience in risk assessment, vulnerability management, and incident response.
  • Please note: If you have not heard from us within 2 weeks, please consider your application unsuccessful.
Occupation:
IT, computing jobs


This job offer is not active at the moment.
Apply for a job
You have already applied to this job position
Save ad
Transnet Bakkies Truck Tenders 078 203 6974
Jobin.co.za
Transnet Bakkies Truck Tenders 078 203 6974
Jobin.co.za
Transnet Bakkies Truck Contract 078 203 6974

Transnet Bakkies Truck Contract 078 203 6974

Transnet
Pretoria / Tshwane
Jobin.co.za
Dihlabeng hospital jobs available

Dihlabeng hospital jobs available

Dihlabeng hospital
Bethlehem
Jobin.co.za
BAKUBUNG PLATINUM MINE JOBS AVAILABLE

BAKUBUNG PLATINUM MINE JOBS AVAILABLE

BAKUBUNG PLATINUM MINE
Rustenburg
Jobin.co.za
TWO RIVERS PLATINUM MINE JOBS AVAILABLE

TWO RIVERS PLATINUM MINE JOBS AVAILABLE

TWO RIVERS PLATINUM MINE
STEELPOORT
Jobin.co.za
EVANDER GOLD MINE JOBS AVAILABLE

EVANDER GOLD MINE JOBS AVAILABLE

EVANDER GOLD MINE
Secunda
Jobin.co.za