Status : Regular, Full-Time, Excluded
Reports to : Vice President, Client Experience & Chief Financial Officer
Principal Accountabilities :
Develop, implement and monitor a strategic, information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or / and processed by the organization.
Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
Develop and enhance an up-to-date information security management framework including policies, standards and guidelines to ensure operating efficiency and regulatory compliance.
Manage the process of gathering, analyzing and assessing the current and future threat landscape to identify risks and threats in the enterprise environment.
Create, manage and measure the effectiveness of an information security awareness training program for all employees, contractors and approved system users.
Work with the procurement team to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
Work effectively with business units, partners, and vendors to facilitate information security risk assessment and risk management processes, and associated mitigation strategies and controls
Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
In the event of a breach, oversees or performs forensic analysis.
Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
Reviews and advises the Executive Team and the Board of Directors on the strategic implications of developments in or changes to information security that have an impact on the business model, business processes and resources.
Oversees the development of the annual budget for information Security, establishes and manages the goals, and builds reporting and analysis of key performance indicators.
Knowledge, Skills & Experience :
Minimum of 5 to 7 years of experience, with three years in an information security leadership role and a university degree or higher.
Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
Proven track record and experience in developing information security plans, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
Knowledge of common information security management frameworks, such as ISO / IEC 27001, ITIL, COBIT as well as those from NIST, including 800-
53 and Cybersecurity Framework.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-
related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
Excellent stakeholder management skills.
Must be a critical thinker, with strong problem-solving skills.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Highly developed ability to influence other departments and employees to act in accordance with the Client Experience Vision.
Please note : As the system is in development, competitions will remain visible past the application deadline. Only applications sent prior to the deadline will be considered.
Likewise, please note that only short listed candidates will be contacted.
Please submit applications in Microsoft Word format directly to dreamjobs itmindfinders.com