SENIOR MANAGER: IT INFORMATION SECURITY - FTC 24 MONTHS

Listing reference: atns_000091
Listing status: Under Review
Apply by: 26 July 2021
Position summary
Industry: Aviation & Aerospace
Job category: IT and Telecommunications
Location: Bedfordview
Contract: Fixed Term Contract
EE position: Yes
Introduction
Applications are invited for the position of Senior Manager: Information Security (FTC 24 months) (Grade 6) based at Bruma. The successful applicant will report to the Chief Information Officer. Responsible for the development and implementation of the Information Security strategy and roadmap, this individual will implement and embed an Information Security framework leveraging best practice to systematically and sustainably improve the security posture of the organisation. This role is responsible for the development and implementation of a comprehensive Information Security program to protect all digital assets in the corporate and OT domains, including applications and supporting infrastructure, from both internal and external threats. Leading from the front, the Senior Manager: Information Security should be a vocal and visible advocate of information security, raising awareness among employees, management and the board. Keeping abreast of the global aviation threat landscape, as well as the technologies available to defend ATNS corporate assets, is one of the primary responsibilities of the role.
Job description

·      Define and understand the Information Security requirements of ATNS
·      Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
·      Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
·      Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
·      Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
·      Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
·      Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
·      Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
·      Develop and implement clear, measurable plans to roll out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
·      Leverage existing resources (infrastructure, services, software) to optimise security and minimise the risk of security and data breach incidents.
·      Drive Information security awareness through continuous and relevant awareness programs.
·      Be familiar with and where required ensure compliance with relevant regulation and compliance requirements including POPIA, GPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
·      Keep abreast of cybersecurity trends, threat landscape, local and global regulatory requirements, general technology trends and best practices.
·      Regularly perform IT and OT Security risk assessments and penetration tests.
·      Review, adapt and recommend remediation plans and controls promptly to effectively manage security risks
·      Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration.
·      Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
·      Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
·      Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
·      Collaborate with all IT and OT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
·      Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
·      Co-ordinate, track and report on the implementation of remediation plans.
·      Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
·      Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM structures
·      Lead all Information Security incident response planning, investigation, resolution and closure.
·      Maintain constructive and productive stakeholder relations across the business and with external related entities
·      Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
·      Provide leadership to the organisation’s information security centre
·      Manage the allocation of duties and the performance of all staff in the team
·      Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
·      Manage outputs by third-party suppliers for optimum value
·      Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic technology environment.
·      Create and maintain a harmonious and effective work environment to support a motivated, high-performance

Minimum requirements

Minimum Qualifications
·      Bachelor’s degree in Information Technology, Information Systems or related field
·      Certifications: CISSP required
·      Microsoft Azure Security Certificate an advantage
·      ITIL, COBIT, CISA, CISM, an added advantage
 
Minimum Experience
·      Minimum 10 years’ experience in Information Technology.
·      Minimum 7 years’ experience in Information Security.
·      Minimum 4 years’ management experience in Information Security.
