Readvertisement - Senior Manager: IT Information Security

Listing reference: atns_000061
Listing status: Under Review
Apply by: 1 March 2021
Position summary
Industry: Aviation & Aerospace
Job category: IT-Management
Location: Bedfordview
Contract: Permanent
EE position: Yes
Introduction
Applications are invited for the position of Senior Manager: Information Security (Grade 6) based at Bruma. The successful applicant will report to the Chief Information Officer.
Job description

Major Activities

  • Define and understand the Information Security requirements of ATNS
  • Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
  • Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
  • Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
  • Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
  • Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
  • Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
  • Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
  • Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
  • Leverage existing resources (infrastructure, services, software) to optimise security and minimise the risk of security and data breach incidents.
  • Drive Information security awareness through continuous and relevant awareness programs.
  • Be familiar with and, where required, ensure compliance with relevant regulation and compliance requirements, including POPIA, GDPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
  • Keep abreast of cybersecurity trends, IT threat landscape, local and global regulatory requirements, general technology trends and best practices.
  • Regularly perform IT Security risk assessments and penetration tests.
  • Review, adapt and recommend remediation plans and controls promptly to effectively manage security risks
  • Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration. 
  • Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
  • Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
  • Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
  • Collaborate with all IT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
  • Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
  • Co-ordinate, track and report on the implementation of remediation plans.
  • Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
  • Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM framework
  • Lead all Information Security incident response planning, investigation, resolution and closure.
  • Maintain constructive and productive stakeholder relations across the business and with external related entities
  • Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
  • Provide leadership to the organisation’s information security centre
  • Manage the allocation of duties and the performance of all staff in the team
  • Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
  • Manage outputs by third-party suppliers for optimum value
  • Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic IT environment.
  • Create and maintain a harmonious and effective work environment to support a motivated, high-performance culture.

Minimum requirements

  • Formal Qualifications: Bachelor’s degree in Information Technology, Information Systems or related field
  • Certifications: CISSP or CISM - required
  • Certifications: Microsoft Azure Security, ITIL - added advantage


  • Minimum 10 years’ experience in Information Technology.
  • Minimum 7 years’ experience in Information Security.
  • Minimum 4 years’ management experience in Information Security.
