IT Security Officer Permanentposition, Cape Town, Southern Suburbs Strictly EE The Information Security Officer (ISO) isresponsible for the governance of all aspects of the physical and logical security of a banksinformation assets and ensure confidentiality, integrity, security and availability of theinformation technology environment Develops and manages an information security programme:  • Designs and leads an enterprise wide information security programme to identify, assess andmitigate risks. • Writes, implements and maintains security policies and procedures. • Establishes an effective reporting and escalation process. • Appraises and guides the executive team on all aspects of information security, includingtrends, threats and vulnerabilities.Leads Solution Development and Maintenance:  • Leads / oversees and works with Service Providers on system upgrade strategies, leads thearchitecture, design, implementation, and maintenance of complex solutions. • Identifies, screen and evaluate new solution opportunities to address businessrequirements. • Works with leadership and service providers to ensure timely introduction and withdrawal ofproject and products in line with company business plan and strategy. Implements the InformationSecurity Strategy:  • Develops and implements the information security strategy and governance framework which isconsistent with Group information security objectives and industry best practices. • Proactively works with IT management to implement and integrate information securityprocedures, standards and controls into the day to day operations. Manages Information SecurityTechnologies:  • Manages Information Security technologies including identity and access management,penetration testing, identity theft, denial of service (DoS) attacks, hacking techniques, accesslist management, user authentication, data encryption, vulnerability scanning, intrusion detection,email scanning, web content filtering, virus management and security testing. • Keeps abreast of developments in the areas of legal, regulatory, corporate requirements,technological developments and best practices in the information security field. Risk Management:  • Work closely with auditors, and drive the necessary remediation of information securityfindings • Assist in identifying and mitigating information security related risks • Conduct risk assessments on third parties to ensure compliance of information securitystandardsApplication Security – Automation: • Define the information security requirements for SDLC • Facilitate information security code reviews • Drive security automation into the DevOps processes Operational Security:  • Drive the vulnerability and patch management programme • Coordinate technical information security assessments and penetration tests, as well as,drive remediation • Manage the information security products and support vendors Security Architecture:  • Review, provide input, and approve solution designs from an information securityperspective • Define and drive security architecture      RoleDescription
IT Security Officer Permanent position, Cape Town, Southern Suburbs Strictly EE The InformationSecurity Officer (ISO) is responsible for the governance of all aspects of the physical and logicalsecurity of a banks information assets and ensure confidentiality, integrity, security andavailability of the information technology environment Develops and manages an information securityprogramme:  • Designs and leads an enterprise wide information security programme to identify, assess andmitigate risks. • Writes, implements and maintains security policies and procedures. • Establishes an effective reporting and escalation process. • Appraises and guides the executive team on all aspects of information security, includingtrends, threats and vulnerabilities.Leads Solution Development and Maintenance:  • Leads / oversees and works with Service Providers on system upgrade strategies, leads thearchitecture, design, implementation, and maintenance of complex solutions. • Identifies, screen and evaluate new solution opportunities to address businessrequirements. • Works with leadership and service providers to ensure timely introduction and withdrawal ofproject and products in line with company business plan and strategy. Implements the InformationSecurity Strategy:  • Develops and implements the information security strategy and governance framework which isconsistent with Group information security objectives and industry best practices. • Proactively works with IT management to implement and integrate information securityprocedures, standards and controls into the day to day operations. Manages Information SecurityTechnologies:  • Manages Information Security technologies including identity and access management,penetration testing, identity theft, denial of service (DoS) attacks, hacking techniques, accesslist management, user authentication, data encryption, vulnerability scanning, intrusion detection,email scanning, web content filtering, virus management and security testing. • Keeps abreast of developments in the areas of legal, regulatory, corporate requirements,technological developments and best practices in the information security field. Risk Management:  • Work closely with auditors, and drive the necessary remediation of information securityfindings • Assist in identifying and mitigating information security related risks • Conduct risk assessments on third parties to ensure compliance of information securitystandardsApplication Security – Automation: • Define the information security requirements for SDLC • Facilitate information security code reviews • Drive security automation into the DevOps processes Operational Security:  • Drive the vulnerability and patch management programme • Coordinate technical information security assessments and penetration tests, as well as,drive remediation • Manage the information security products and support vendors Security Architecture:  • Review, provide input, and approve solution designs from an information securityperspective • Define and drive security architecture      

Skills and Experience
Requirements: Education (formal qualification required): Minimum:  • National certificate / Grade 12  • BCom Computer Science, Informatics or Auditing or an Engineering degree  • CISSP  Ideal but not essential: • B degree plus certificates in OSCP, CISM, CISA • Postgraduate Diploma / Advanced Diploma / Degree in IT will be advantageous.   Experience Required: 5-8 years’ experience in Information Technology  5 years’experience in enterprise information security architecture related roles and experience in technicalanalysis, vulnerability scanning and information security assessments 5+ years’ experienceKnowledge of BS27000,COBIT,SDLC methodologies and ITIL  3-5 years’ experience in leading andmanaging information security discipline 3-5 years 5 years’ experience in establishment andmaintenance of information security architecture  5 year experience Technical implementation of therequired information security controls    Email: Leigh.Duffield@eoh.co.za