Executive: IT Governance & Security

Job Ref
280481
Job Type
Permanent
Employer Type
Recruitment Agency
Date Added 9 Oct 2018
Expiry Date 23 Nov 2018
* There have been 4 applications to this job.
* This job has been viewed 3076 times.
Employer:
TriTec Talent

Location:
South Africa

Salary:
Negotiable

Benefits:


Role details:
• Define, develop and integrate the strategic plan for information technology security and information assurance, including security architecture.
• Consult with chiefs and executives on the implication of any strategic and tactical information security risks in order to ensure effective information security and to minimize risk.
• Establish and update the information technology security policy, which includes information assurance and information compliance as well as the code of ethics, incorporating all new legislation and industry standards.
• Design information technology security monitoring documentation, response plans, as well as the documentation content.
• Develop and implement the Information Technology Compliance control framework.
• Design and maintain the Information Technology Compliance policy and procedures.
• Formulate audit strategy to measure the company’s Information Compliance status.
• Identify protection goals, objectives and metrics consistent with the corporate strategic plan.
• Define and execute the planning and implementation for all tools/hardware and software for information technology security.
• Remain up to date and ensure compliance with all legislative requirements in respect of information security and compliance, ensuring company alignment:
  o Maintain, implement structures and plans and assist with the governance of RICA and POPI Information Compliance (both local and international compliance).
  o Maintain systems and processes to ensure compliance with PASA and PCI DSS (electronic payments) within the organisation.
  o Liaise with legislative authorities and governing bodies.
  o Keep abreast of any legislative changes at all times, and update, amend/implement policies and procedures accordingly.
• Provide expert guidance to the business on all Information Compliance legislative requirements.
• Develop Information Security Risk Management Plans and liaise with Business Continuity Management to maintain effective BCM information security plans.
• Detect and mitigate risk timeously.
• Communicate the risk of non-Information Compliance and conduct high level presentations to create awareness and to inform the business of legislative requirements.
• Schedule audit projects with the scope of overall company risk mitigation to ensure information security compliance, and liaise and coordinate with Internal Audit in this regard.
• Monitor all controls in order to provide regulatory risk assurance.
• Facilitate the translation of the Information Security and Compliance strategy into functional business plans on an annual basis to the company’s business units.
• Oversee, organize and conduct all investigations into company Information Compliance activities to mitigate risk.
• Investigate and track the company’s Information Compliance status.
• Review all non-Information Compliance issues and provide resolution.
• Report on all non-Information Compliance and risk issues.
• Investigate and identify Information Compliance risks and control management initiatives.
• Liaise with external legal authorities, vendors, auditors and other relevant Information Compliance entities.
• Respond to incidents and establish appropriate standards and controls, manage security technologies and direct the establishment and implementation of policies and procedures.
• Liaise with business to develop and implement cyber incident response plans.
• Manage identity and access management within the organisation’s electronic information systems.
• Manage and advise on electronic data loss prevention and data protection within the organisation.
• Collate and prepare Information Compliance reports.
• Compile risk impact analysis and reports.
• Prepare and/or present Information Compliance reports for the Risk committee and/or board members, nationally and internationally.
• Strictly apply and adhere to Cell C Health and Safety procedures and rules.

Skills and Experience
Qualifications
Minimum requirements - Post graduate degree
• Hons Degree in technology or equivalent degree i.e. BSc/B. Tech
• Master’s degree in an information systems related discipline – advantageous

Required Certification
• CISSP or other security certification/accreditation (in good standing).

Advantageous Certifications
• ISACA (formerly Information Systems Audit and Control Association) membership is preferred.
• ISSA (Information Systems Security Association) membership is preferred.
• CISA or CISM certifications through internationally accredited organisations are beneficial.

Experience
• 10 years driving the Information Technology Security and/or Compliance function in a dynamic, high growth corporate, ideally in the telecommunications industry.
• In addition 3-6 years’ experience on a senior level as information security officer within a large corporate environment.
• Progressive leadership experience in computing and information security, including experience with internet technology and security issues.
• Proven track record for developing and implementing successful policies and assurance capabilities within a telecoms industry environment.
• Sound knowledge of regulatory Information Compliance (e.g. South Africa POPI Act).
• Experience in auditing, risk management and legal contracts.
• Experience at executive level within a large company.


