
Executive: Information Security Governance

Job Ref
284101
Job Type
Permanent
Employer Type
Company
Date Added 12 Jan 2021
Expiry Date 9 Feb 2021
* There have been 26 applications to this job.
* This job has been viewed 6598 times.
Employer:
Openserve

Location:
Gauteng

Salary:
Market related

Benefits:


Role details:
Core Description:

- Responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem; responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. Provides business strategic direction, support, advisory and consultancy with respect to information and cyber risk management practices and concerns within IT, Enterprise, finance, and business architectures, including applications, changes, solutions and operational processes.
- The Executive: ISG position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem whilst proactively working with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security.
- The candidate should understand, demonstrate and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to senior stakeholders. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements.
- The candidate must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations whilst also being a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology.
- - - - - - - - - - - - - -
Job responsibilities:

Information Security Management
- Provide leadership and vision to ensure information security obstacles to achievement of business objectives are identified and addressed
- Effectively Communicate Information Security risk to senior stakeholders
- Ensure availability of appropriate skills, technologies, processes and resources
- Ensure all security teams, services, technologies and processes are coordinated throughout the organization
- Ensure production of timely, informative and accurate business and IT metrics relating to information risk - using these metrics prioritise key initiatives to reduce or respond to business risk
- Ensure that business systems and information security services and security of customer products and services are aligned and managed
Information Security Governance
- Oversee and coordinate all aspects of alignment of Telkom's Information Security Management System
- Ensure Appropriate Security Governance Create/ Maintain/ Communicate Information Security Policies and Standards
- Ensure Regulatory and Security Policy Compliance and Business Risk alignment through review and update processes
- Maintain Information Security Strategy ensuring Business Strategy Alignment, development of business cases to support short and long term strategic initiatives
- Ensure delivery of Information Security Awareness activities to communicate behavior, threats, and Business Risks
Information Security Risk Management
- Report to Business on assessment of Enterprise Information threats and Risks, ensure business affecting risks are included on Risk register
- Ensure appropriate Research, Identification and Assessment of Information threats to business (New and existing)
- Ensure and Manage Project and Change Consultation and Assessment of Risk
- Ensure appropriate security systems, tools and resources are made available to protect business initiatives
- Information Risk assessment, rating, management, and resolution
- Ensure Information Security Governance and Business forums operate and support business risk management
- Monitor, Assess and Report on Operational Security Assurance
- Ensure security operations and incident response capabilities are appropriate for threat environment
Information Security Architecture
- Ensure Enterprise Security Architecture aligns with business requirements and risks
- Advise and recommend Technical Security direction in support of Enterprise Security Architecture
- Define, Assess and Communicate Information Security elements within Business and IT Architecture
- Information Security input to Business cases and projects
- Ensure Information Security Architecture requirements are met within all systems and processes
- Ensure network, technology and security architectures are consistent throughout the company
Framework Development
- Create and manage a unified and up-to-date and flexible information security management and control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.


Functional knowledge and skills:

Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness; Information Security value.

Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Accountability Act (HIPAA), NIST, ISF, PoPIA, GDPR or Payment Card Industry/Data Security Standard.

Strategy formulation & Execution; Incident Management and Response; Analytical and investigative; Communication and Interpretation; Decision making; Problem solving; Project and complex task management; Risk Awareness and explanation


Experience:

8 years or more practical experience in IT or Information Security, of which seven years must include an IT, Network or Information Security role, with at least 3 years in a senior Information Risk management role.

Required at least one of: CISM, CRISC, CISSP, SABSA


Qualifications:

Relevant 4-year Degree or Diploma in IT (at least NQF level 7); and Information Security certification





 