Job Title : Maintenance Manager

• Ensure that all policies developed are in line with contractual, legislative and industry best practice
• Ensure that all policy exceptions are documented and tracked through their risk life cycle
• Drive implementation and policy compliance across all business units
• Create and rollout an awareness program
• Define and measure metrics to ensure awareness programs are effective
• Establish and implement an information security risk management framework
• Manage and maintain an information security risk register that documents, evaluates, and tracks all information security risks and feeds into the organisational risk register
• Oversee, identify, and manage all related operational costs in accordance with financial policies, procedures, processes, prescribed schedule of payments, procurement and subcontractor management policies and procedures
• Establish and maintain appropriate internal controls and reporting systems to meet performance expectations
• Ensure operating efficiencies through enhanced resource management and budget control

Key Service Area

• Ensure that there are regular information security audits and penetration testing on various levels of application, database, policy etc.
• Ensure that all contracted security requirements are fulfilled
• Control the management of organisational risks through monitoring and reporting mechanisms
• Review the Business Continuity and Disaster Recovery plans annually to ensure all tasks are correctly assigned and are implementable by designated personnel
• Monitor compliance of organisational policies and procedures and adherence to all statutory and regulatory requirements prescribed for overall corporate governance

Reporting

• Compile and submit reports on policy compliance levels per business unit
• Compile and submit Information Security Management report to SSC
• Compile and submit report on information security risks and remediation plans

People Management

• Manage employees directly under supervision and maintain effective utilisation and discipline required to achieve business objectives
• Create an enabling environment that facilitates effective performance by direct reports and instills behaviour that supports the organisational values
• Provide access to skills development and capacity building opportunities

Requirements:

• Matric
• Relevant undergraduate degree/diploma and/or certificate
• Certification or completion of CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementor and/or CompTIA Security+
• Strong technical background in systems and network security
• Project Management skills (ability to plan, organize, coordinate, and implement)
• Experience in compilation of management reports
• Understanding of, and practical experience of applying the Data Protection Act, the Freedom of Information Act and other related legislation, standards and codes of practice