Readvertisement - Senior Manager: IT Information Security
Advert reference: atns_000061
Advert status: Under Review
Apply by: 1 March 2021
Industry: Aviation & Aerospace
Job category: IT-Management
EE position: Yes
Applications are invited for the position of Senior Manager: Information Security (Grade 6) based at Bruma. The successful applicant will report to the Chief Information Officer.
Define and understand the Information Security requirements of ATNS
Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
Leverage existing resources (infrastructure, services, software) to optimise security and minimise the risk of security and data breach incidents.
Drive Information security awareness through continuous and relevant awareness programs.
Be familiar with and, where required, ensure compliance with relevant regulation and compliance requirements, including POPIA, GPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
Keep abreast of cybersecurity trends, IT threat landscape, local and global regulatory requirements, general technology trends and best practices.
Regularly perform IT Security risk assessments and penetration tests.
Review, adapt and recommend remediation plans and controls promptly to effectively manage security risks
Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration.
Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
Collaborate with all IT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
Co-ordinate, track and report on the implementation of remediation plans.
Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM framework
Lead all Information Security incident response planning, investigation, resolution and closure.
Maintain constructive and productive stakeholder relations across the business and with external related entities
Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
Provide leadership to the organisation’s information security centre
Manage the allocation of duties and the performance of all staff in the team
Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
Manage outputs by third-party suppliers for optimum value
Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic IT environment.
Create and maintain a harmonious and effective work environment to support a motivated, high-performance culture.
Formal Qualifications: Bachelor’s degree in Information Technology, Information Systems or related field
Certifications: CISSP or CISM - required
Certifications: Microsoft Azure Security, ITIL - added advantage
Minimum 10 years’ experience in Information Technology.
Minimum 7 years’ experience in Information Security.
Minimum 4 years’ management experience in Information Security.