Senior Manager – Information Security
Primary Responsibility:
- Ensuring implantation and compliance to company information security policies (ISO 27001), associated regulations and standards
- Facilitate external audit, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Performance Parameters:
- Maturity of Informatin Security
- Compliance to Information Security policies, standards and processes
- Security incident management
- Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)
Responsibilities:
- Serve as internal information security consultant to the organization.
- Responsible for security planning and effectively managing information security risks within the operating environment
- Define information security policies, standards and processes for the organization·
- Implement, manage and report on adherence to information security policies & standards·
- Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability analysis, risk identification and review / approve security plans·
- Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes·
- Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings·
- Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams·
- Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes·
- Initiate, facilitate, and promote activities to create information security awareness within the organization
Qualifications:
- Minimum Graduation (Science and Engineering Background Only)
- One or more of the following certifications: CISSP / CISA / CISM / ISMS Lead Auditor
Minimum Experience Required:
- Total Experience: 7-9 years
- 4 - 6 Yrs of experience in the field of security consulting and / or security audits for large corporate/BPO with multiple sites. Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc
- Risk Management experience in either:
- Implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on:
- COBIT or GCC (general computer controls) for SOX404 compliance
- SAS 70 Audit requirements
Competencies:
- Strong domain understanding of offshore technology sectors and / or business operations·
- Capable of managing project tasks individually and as a team·
- Ability to document and explain technical details in a concise & understandable manner·
- Excellent client relationship management skills·
- Excellent oral and written communication skills
- Excellent Presentation & Public speaking skills
PLEASE Send a fully detailed cv including availability and salary requirement to : info@brip-africa.com
