Information Security Manager

BUSINESS UNIT: INFORMATION TECHNOLOGY

DISCIPLINE: GOVERNANCE AND REPORTING

LOCATION: SANDRINGHAM, JOHANNESBURG

POSITION: INFORMATION SECURITY MANAGER(RE-ADVERTISEMENT)

PAY GRADE: D3

REFERENCE NUMBER: CORPIT1024/001-05 (07990.001.1521)

Key Job Responsibilities:

• To be responsible for the overall planning, implementation and management of information security strategies, roadmaps and high level design guidance
• Run information security committees in collaboration with governance and risk
• Attend to all information security management system requirements such as information risk (including an information risk assessment methodology).
• Define the information security strategy in support of defined business strategies of the organisation.
• Provide input to the technology roadmap ensuring realisation of the information security strategy.
• Set the priority of security initiatives and motivate importance relative to other organisational initiatives.
• Ensure that the security roles are defined correctly to achieve appropriate information security for the organisation.
• In collaboration with other security roles construct the security budget.
• Identify and facilitate development of applicable security standards and processes in support of the overall IT security policy defined by organisation risk and governance.
• Oversee implementation of applicable security policies, standards and processes through appropriate measurement and reporting of the enterprise.
• Assist in definition and ratification of the organisation security principles.
• Participate in Architecture and design review sessions ensuring that the applicable principles and standards are applied.
• Participate in the decision making forums regarding security compliance.
• Define operation reporting requirements from SOC.
• Participate in the incident management and loss prevention approaches within IT.
• Support organisational security awareness campaigns.
• Drive IT security awareness, training and certification within the IT organisation.
• Report on and facilitate actions regarding IT security as part of risk management.
• Perform chairperson function for operational information security steering committee
• To participate in the strategic information security steering committee.
• Provide periodic security trend analysis with specific reference to capital and financial markets.
• Ensure all information security matters are communicated to business stakeholders in business terms and language.
• The ISM is actively involved in guiding solutions through reviews and strategic interpretation
• The ISMS will review the business needs documentation, guide the reference architecture development and foster sound working relationships with architects or other disciplines and the IT department in order to ensure appropriate integrated solutions are developed.
• The ISMS is also responsible to ensure that an information security governance framework is developed and implemented.

Minimum requirements & key competencies:

• Bachelor Degree in Information Systems, Computer Science or Related (NQF Level 7)
• Certifications, e,g CISSP, CISM or CISA
• CGEIT, ITIL or other IT certifications ( Desirable)
• Eight (8) years experience in information security environment
• Five (5) years supervisory/management experience
• Proven experience in consulting on information security within a medium to large business or at an enterprise level
• Demonstrated experience in the pragmatic application of best practices such as ISO27001
• Have experience leading a multi-disciplinary team, fostering collaboration and teamwork (Desirable)
• Very good knowledge of IT security issues at a technical, procedural and organisational level
• Knowledge of oracle, linux, MS SQL etc
• Sound knowledge of network design (CISCO, LAN, WAN)
• Good knowledge of the broader scope of security technologies and practices delivering solutions that supports the value chain
• Understanding of legal security requirements within SA legislative context and have the capability to interpret it and apply it in the applicable context
• Sound business and financial awareness (desirable)
• Knowledge of ITIL & COBIT (desirable)
• Knowledge of Audit (desirable)
• Communication skills
• Advanced computer literacy
• Team player with the ability to work independently
• Interpersonal skills
• Technical skills
• Ability to cope with change
• Analytical skills/ Problem Solving
• Proficient with MS Office
• Negotiation skills/ Conflict Management
• Business minded
• Project management skills.

Enquiries may be directed to Ndabenhle Ngongoma @ (011) 386 6145, or e-mail application to Corporate2@nhls.ac.za