Security Compliance Manager at Teraco Data Environments

Job description

Main purpose of the Job

Responsible for ensuring both physical security and for protecting company, client and employee information against unauthorized access, supported by the IT Systems Manager. Responsible for protecting the physical environments of the data center environment, defining a security risk framework and ensuring appropriate compliance, based on threat and risk management approach based on ISO/PCI standards. Responsible for defining, planning and executing overall security strategy, driving the prioritization of security related projects and ensuring alignment with the technology that best provides maximum value risk protection. Responsible for management of the Teraco security team who are responsible for the physical security.

Main Function of the Job

The Company Security Compliance Manager is responsible for:

• Policy: Co-ordinate the development of the Teraco Security Policy, standards and procedures. Work with the Head of Operations, IT, Legal and Operations staff to compile these policies. Ensure these policies, standards and procedures comply with the appropriate external standards and best practices and oversee the dissemination of these standards to the Teraco staff and 3rd party suppliers where appropriate.
• Education and Training: Co-ordinate the development and delivery of an education programme on physical and information security and privacy matters, for induction of employees, ongoing sensitisation of employees, 3rd party contracted staff (e.g. security company staff) and any client on-site located staff.
• Compliance and Enforcement: Ensure compliance to all security policies, procedures and standards (including PCI and ISO27001). Review all security related logs, both physical and digital. Perform regular reviews and rectify non-compliance. When reviewing, assess possible continuous improvement/enhancements that can be applied and ensure policies, procedures and standards are updated accordingly, trained and applied. This will be achieved through maintaining a strong relationship and communication with other staff responsible for a component of security e.g. IT Systems Manager, Compliance Officer, Operations Security Administrator, Receptionist, Head of Operations etc, Data Center Managers.
• Incident Response: Enforce incident management and response procedures, as agreed with the business, within the agreed external and internal SLA. Monitor 3rd Party SLA compliance and if required, raise incident where SLAs are not met. For all incidents assess proposed corrective and preventative actions to ensure that the actions are appropriate, effective and implemented in full. Escalate HR issues to the relevant manager and/or HR where required. Prepared reports where required for clients in respect of these incidents, and support the Head: Service Management in client engagement in respect of these incidents.
• Risk Assessment and Incident Prevention: Develop and implement ongoing risk assessment programme targeting information and physical security matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing. Create physical and digital security management programs and work with the management team to prioritize security initiatives and issues, and ensure progress made in implementing the agreed to initiatives. Action vulnerability testing findings.
• Official contact: Act as the official contact on physical and information security matters (primary on physical security and shared on information security) in dealing with external auditors, client auditors, standards compliance auditors for PCI and ISO27001 etc.
• Maintain Knowledgebase: Stay updated with current trends in data management and security threats to design effective data security systems. Keep abreast with latest security and privacy legislation, alerts, standards, vulnerabilities and best practices as it relates to Teraco business.
• 3rd Party Security Management: Act as the primary contact in managing the 3rd party relationships, contractual agreements and SLA management as it relates to security suppliers, including the 3rd party security staff, armed response and suppliers of biometric and other security solutions etc. Where required, work with this suppliers to tailor the security solutions to meet Teraco and specific client requirements. Manage the costs and budgets in respect of these suppliers.
• Emergency Preparedness: Ensure that business continuity planning is in place and simulated in respect of possible security breaches. Support the Head of Operations and Head of Infrastructure Management in emergency response planning and implementation.
• Solutions Review and Sign-off: Review and approve all security related (physical and information technology; software and/or hardware) solutions and project plan. Undertake acceptance testing as per project plan, to ensure that the solution implemented as per specification and compliant to security standard. Sign-off all security related solutions (irrespective of functional area responsible for the implementation), prior to handover.
• Management: Performance management and development of National Security Manager and the Security Administrators.

Experience

• Relevant degree/ diploma (at least NQF level 6) and 8 Years relevant experience, of which at least 2 years on management level. An IT degree or diploma would be preferred;
• Experience in managing security staff;
• Experience in designing or implementing IT security solutions and/or physical security solutions, which are underpinned by an IT security solution e.g. biometrics;
• Training or experience in ISO27001 and/or PCI and other relevant standards.

Skill Requirements

• A strong team player with a positive approach to work
• Strong customer service skills
• Good people skills
• Conflict Management
• Influencing, Meditation & Negotiation Techniques
• Leadership Communication
• Communication
• Computer Applications
• Decision Making
• Vendor Performance Measures
• Risk Mitigation
• Presentation skills

If candidates are not contacted within twenty one (21) days, they should consider their application unsuccessful.