An established industry player is seeking a seasoned IT Security and Compliance Manager to lead the development and enforcement of security standards across the organization. This pivotal role involves ensuring compliance with regulatory requirements, managing security risks, and enhancing awareness of IT security practices. The ideal candidate will possess over a decade of experience in Information Technology, with a strong focus on security and compliance frameworks such as ISO 27001 and ITIL. Join a dynamic team where your expertise will drive the organization's security posture and contribute to its success in a rapidly evolving technological landscape.
Manager - IT Security and Compliance
Job Summary
• Set security standards and policies across the IT organization
• Ensure effective security standards are adhered to across the organization
• Develop or enhance and roll out the IT policies and procedures, then assess compliance and the maturity of the process framework within the IT organization.
Roles & Responsibility
• Develop information security standards and ensure implementation of information security policies and standards
• Identify and manage key information security risks, incidents, audit findings and events within IT
• Ensure business continuity and disaster recovery plans are adhered to
• Ensure IT systems security and resilience to external/internal factors (data availability, integrity and confidentiality)
• Keep up to date with the latest IT security benchmarks and best practices
• Communicate major security breaches and requirements to the head of IT
• Ensure that the Senior Team of IT is fully aware of the current security strengths and weaknesses
• Enhance awareness of IT security through presentations and new staff induction courses
• Conduct periodic assessments of the state of IT security
• Measure and monitor levels of information security compliance
• Issue regular security assessment reports (e.g. penetration and vulnerability testing)
• Develop, plan, and manage actions to address shortcomings
• Ensure conformance to relevant Service Level Agreements
• Definition of IT governance frameworks (strategy, operations, delivery and monitoring).
• Development or enhancement and roll out of the IT policies and procedures.
• Development of a process for assessment of compliance to the policies, processes and procedures.
• Development of an assessment framework for the maturity of the process framework within IT.
• Sponsorship of the IT policies, processes and procedures.
Business capabilities
• 10+ years in Information Technology with a minimum of 5 years in the security and compliance position of a leading organization
• Experience in implementing process frameworks in similar organizations: ISO 27001, ISO 20000, COBIT, ITIL.
• Knowledge of Information Security Standards/Practices and regulatory/compliance requirements
• Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert.
Interpersonal skills
• Strong verbal and written communication skills and presentation skills
• Proven skills in working collaboratively with business teams.
Education
• Bachelor’s degree in Computer Science or a technical discipline relevant to IT security
• Relevant systems security certification such as CISA/CISSP.