Readvertisement - Senior Manager: IT Information Security
Listing reference: atns_000061
Listing status: Under Review
Apply by: 1 March 2021
Position summary
Industry: Aviation & Aerospace
Job category: IT-Management
Location: Bedfordview
Contract: Permanent
EE position: Yes
Introduction
Applications are invited for the position of Senior Manager: Information Security (Grade 6) based at Bruma. The successful applicants will be reporting to the Chief Information Officer.
Job description
Major Activities
- Define and understand the Information Security requirements of ATNS
- Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
- Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
- Create, implement and monitor an organisation-wide information security management system (ISMS) to effectively and sustainably manage cybersecurity risks.
- Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
- Engage appropriately with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
- Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
- Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
- Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
- Leverage existing resources – infrastructure, services, software to optimise security and minimise the risk of security and data breach incidents.
- Drive Information security awareness through continuous and relevant awareness programs.
- Be familiar with, and where required ensure compliance with, relevant regulation and compliance requirements including POPIA, GDPR, ECT, the Cybercrime and Cybersecurity Bill and the King IV code
- Keep abreast of cybersecurity trends, IT threat landscape, local and global regulatory requirements, general technology trends and best practices.
- Regularly perform IT Security risk assessments and penetration tests.
- Review, adapt and recommend remediation plans and controls promptly to effectively manage security risks
- Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration.
- Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
- Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
- Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
- Collaborate with all IT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
- Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
- Co-ordinate, track and report on the implementation of remediation plans.
- Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
- Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM framework
- Lead all Information Security incident response planning, investigation, resolution and closure.
- Maintain constructive and productive stakeholder relations across the business and with external related entities
- Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
- Provide leadership to the organisation’s information security centre
- Manage the allocation of duties and the performance of all staff in the team
- Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
- Manage outputs by third-party suppliers for optimum value
- Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic IT environment.
- Create and maintain a harmonious and effective work environment to support a motivated, high-performance culture.
Minimum requirements
- Formal Qualifications: Bachelor’s degree in Information Technology, Information Systems or related field
- Certifications: CISSP or CISM - required
- Certifications: Microsoft Azure Security, ITIL - added advantage
- Minimum 10 years’ experience in Information Technology.
- Minimum 7 years’ experience in Information Security.
- Minimum 4 years’ management experience in Information Security.