Our website uses cookies so that we can provide you with the best user experience. By using our website, you agree to using cookies.

Position Summary

EE position: Yes


Applications are invited for the position of Senior Manager: Information Security (Grade 6) based at Bruma. The successful applicants will be reporting to the Chief Information Officer.

Job description

Major Activities


  • Define and understand the Information Security requirements of ATNS
  • Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
  • Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
  • Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
  • Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
  • Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
  • Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
  • Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
  • Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
  • Leverage existing resources – infrastructure, services, software to optimise security and minimise the risk of security and data breach incidents.
  • Drive Information security awareness through continuous and relevant awareness programs.
  • Be familiar with and where required ensure compliance with relevant regulation and compliance requirements including POPIA, GPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
  • Keep abreast of cybersecurity trends, IT threat landscape, local and global regulatory requirements, general technology trends and best practices.
  • Regularly perform IT Security risk assessments and penetration tests.
  • Review, adapt and recommended remediation plans and controls promptly to effectively manage security risks
  • Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration. 
  • Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
  • Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
  • Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
  • Collaborate with all IT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
  • Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
  • Co-ordinate, track and report on the implementation of remediation plans.
  • Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
  • Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM framework
  • Lead all Information Security incident response planning, investigation, resolution and closure.
  • Maintain constructive and productive stakeholder relations across the business and with external related entities
  • Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
  • Provide leadership to the organisation’s information security centre
  • Manage the allocation of duties and the performance of all staff in the team
  • Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
  • Manage outputs by third-party suppliers for optimum value
  • Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic IT environment.
  • Create and maintain a harmonious and effective work environment to support a motivated, high-performance culture.

Minimum requirements

  • Formal Qualifications: Bachelor’s degree in Information Technology, Information Systems or related field
  • Certifications: CISSP or CISM - required
  • Certifications: Microsoft Azure Security ,ITIL - added advantage

  • Minimum 10 years’ experience in Information Technology.
  • Minimum 7 years’ experience in Information Security.
  • Minimum 4 years’ management experience in Information Security.

Do you require help with the registration process?

Our Support team is here to assist. Tel: +27 87 232 2525 Email: jobseekersupport@careerjunction.co.za

Privacy Statement Terms & Conditions