· Define and understand the Information Security requirements of ATNS
· Develop, review and adapt the Information Security strategy and roadmap in line with approved organisational/technology strategy and roadmap
· Develop, implement and embed an Information Security framework, leveraging and integrating relevant best practice frameworks to improve the security posture of the organisation
· Create, implement and monitor an organisation-wide information security management program (ISMS) to effectively and sustainably manage cybersecurity risks.
· Direct efforts to establish an information security baseline and target maturity level through a systematic risk assessment process
· Appropriate engagement with stakeholders, including regional and global entities, to achieve and maintain optimal application of security frameworks, policies and standards across all systems and services
· Continuously monitor and periodically review the performance and effectiveness of cybersecurity strategy, plans, policies, processes and controls.
· Define, develop and implement security architecture to enable seamless transition to virtualization, cloud infrastructure and applications, BYOD etc.
· Develop and implement clear, measurable plans to roll-out fundamental security capabilities including but not limited to IAM, PIM/PAM/PUM, MDM, MFA, DLP
· Leverage existing resources – infrastructure, services, software to optimise security and minimise the risk of security and data breach incidents.
· Drive Information security awareness through continuous and relevant awareness programs.
· Be familiar with and where required ensure compliance with relevant regulation and compliance requirements including POPIA, GPR, ECT, Cybercrime and Cybersecurity Bill, King IV code
· Keep abreast of cybersecurity trends, threat landscape, local and global regulatory requirements, general technology trends and best practices.
· Regularly perform IT and OT Security risk assessments and penetration tests.
· Review, adapt and recommend remediation plans and controls promptly to effectively manage security risks
· Be the technical SME for cybersecurity, consulted for input into all technology solutions, including software/hardware acquisition, development and configuration.
· Partner with all internal stakeholders to comply with regulatory requirements related to information security and privacy through implementation of appropriate controls.
· Develop an Information Security risk assessment plan and schedule across the organisation to review applications, infrastructure and related processes.
· Develop a risk treatment plan in response to identified risks, vulnerabilities, audit findings, policy and regulatory requirements; investigate and implement risk remediation controls.
· Collaborate with all IT and OT disciplines to integrate Information Security in every phase of the value chain: project management, architecture, testing, business and technical specifications, third-party software and hardware.
· Facilitate continuous improvement of the organisation’s security posture, working with expert service providers and internal partners to implement required and/or recommended controls in support of policy, regulation and/or standards
· Co-ordinate, track and report on the implementation of remediation plans.
· Establish appropriate metrics for performance measurement of the cybersecurity function; produce regular reports for management to highlight key risks/issues and threats to assist in decision making.
· Lead the development and establishment of a CSIRT in partnership with the organisation’s ERM structures
· Lead all Information Security incident response planning, investigation, resolution and closure.
· Maintain constructive and productive stakeholder relations across the business and with external related entities
· Develop a comprehensive plan to attract, train and retain staff with the requisite qualifications and expertise to pursue a cybersecurity career.
· Provide leadership to the organisation’s information security centre
· Manage the allocation of duties and the performance of all staff in the team
· Determine capacity requirements (fixed and variable) to effectively deliver the required value and service.
· Manage outputs by third-party suppliers for optimum value
· Ensure regular training of self and staff. Ensure that staff remain suitably trained to achieve the outcomes of their job descriptions in a dynamic technology environment.
· Create and maintain a harmonious and effective work environment to support a motivated, high-performance