Responsible for the identification, measurement, control and minimisation of loss associated with uncertain risks throughout the ICT environment. Responsible for the development, documentation, implementation and monitoring of an Information Risk Management framework, including policies, standards, procedures, and security architecture, to ensure delivery and awareness of sound Information Security management practices company-wide, including compliance with national legislation and international standards. Researches and stays abreast of worldwide best practice and regulations. Provides expert advice and consultancy with respect to risk management practices and concerns within IT and business architectures, applications, changes, solutions and operational processes.
KNOWLEDGE/SKILLS
Information Risk Assessment & Management; Change Management & Change Risk; Security Standards, Policies & Practices; Information Risks within Systems & IT Architecture; Information Risks within People & Processes; Enterprise & Security Architecture; Operational Security Practices; Management Information Security Awareness; Analytical & Investigative; Communication & Interpretation; Decision Making; Problem Solving; Project & Task Management; Risk Awareness
COMPETENCIES
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership
Information Security Risk Management
• Report on Enterprise Information Risk
• Research, Identify and Assess Information threats to business (New and existing)
• Project and Change Consultation and Assessment of Risk
• Information Risk assessment, rating, management, and resolution
• Represent Information Security in Governance and Business processes
• Monitor, Assess and Report on Operational Security Assurance process
Information Security Governance
• Create/ Maintain/ Communicate Information Security Policies and Standards
• Ensure Regulatory and Security Policy Compliance and Business Risk alignment
• Manage Policy review, update and approvals process
• Support Security Governance Forum and ISMS Processes
• Maintain Information Security Strategy ensuring Business Strategy Alignment
• Ensure Information Security Awareness of Policy and Business Risks
Information Security Architecture
• Ensure Enterprise Security Architecture aligns with business requirements and risks
• Advise and recommend Technical Security direction in support of Enterprise Security Architecture
• Define, Assess and Communicate Information Security elements within Business and IT Architecture
• Information Security input to Business cases and projects
• Ensure Information Security Architecture requirements are met within all systems and processes
Mandatory certifications: Must have at least one of the following – CISM, CRISC, CISSP, SABSA or ISO27001/2
Additional desired certification: CoBIT, TOGAF, ITIL
Relevant 3 year Degree or Diploma in IT or Information Security (at least NQF level 6)
Minimum of 5 years' experience in an IT, Network or Information Security role, of which at least 3 years must have been in an Information Security Risk Management or Information Security Governance role.
• Prepared to work all hours as required
• Valid driver’s license
• No Criminal record
Applicants with strong knowledge and experience of Information Security Governance Management across multiple domains, which includes Security Strategy and Architecture, as well as CISM, CRISC, CISSP, SABSA or ISO27001/2 will have an advantage. Preference will be given to AA candidates.
Closing Date: 2021/07/23