Applications are invited for the position of Senior Manager: Information Security (Grade 6) based at Bruma. The successful applicants will be reporting to the Chief Information Officer.

Major Activities

 

• Define and understand the Information Security requirements of ATNS
• Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
• Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
• Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
• Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
• Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
• Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
• Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
• Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
• Leverage existing resources – infrastructure, services, software to optimise security and minimise the risk of security and data breach incidents.
• Drive Information security awareness through continuous and relevant awareness programs.
• Be familiar with and where required ensure compliance with relevant regulation and compliance requirements including POPIA, GPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
• Keep abreast of cybersecurity trends, IT threat landscape, local and global regulatory requirements, general technology trends and best practices.
• Regularly perform IT Security risk assessments and penetration tests.
• Review, adapt and recommended remediation plans and controls promptly to effectively manage security risks
• Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration. 
• Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
• Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
• Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
• Collaborate with all IT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
• Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
• Co-ordinate, track and report on the implementation of remediation plans.
• Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
• Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM framework
• Lead all Information Security incident response planning, investigation, resolution and closure.
• Maintain constructive and productive stakeholder relations across the business and with external related entities
• Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
• Provide leadership to the organisation’s information security centre
• Manage the allocation of duties and the performance of all staff in the team
• Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
• Manage outputs by third-party suppliers for optimum value
• Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic IT environment.
• Create and maintain a harmonious and effective work environment to support a motivated, high-performance culture.