Cyber Security Officer - Midrand at Saint-Gobain Africa

WHY DO WE NEED YOU ?

• Responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

Qualifications required to fulfil the role

• Grade 12
• MCSE or CCNA or relevant IT qualification.
• One (or more) certifications in the Security field (CISSP, CISA, CISM …).
• Business Diploma / Degree (added Advantage).

Specific Work Experience, Knowledge and Skills required to fulfil the role

• 5 Years’ experience in Managing Cyber Security in the Manufacturing sector.
• IT Infrastructure or Applications Support (would be an advantage).
• Experience is report writing and creating SOP’s, Policies and Procedures.
• Attention to detail.
• Drive digitalization within the Cyber Security sector.

Key Accountabilities

Handling of security incidents:

• Strong mobilization and responsibility in the handling of security incidents within his or her reporting scope.

Operational security:

• Empowerment for operational security over his/her reporting scope.

Policies and Compliance:

Governance

• Participation in defining the strategy over his/her reporting scope.
• Understand and apply the security roadmap:
• Advise the Management of the Business or Delegation within his/her reporting scope about any security questions.
• Contribute to the proposal of a security budget concerning his/her reporting scope.
• Produce a security dashboard containing the elements requested and send it on a quarterly basis to the Cybersecurity team.

Policies

• Application of security rules and standards.
• Keep up to date with and potentially contribute to developments in security rules and standards defined by the Policies & Compliance team.

Risk analysis

• Risk management at entity level.

Control

• Check and follow up the application of rules concerning his/her reporting scope.
• Perform level-1 checks (self-check with or without technical tests) requested by the central Security & Compliance team.
• Contribute to level-2 checks made by the central Policies & Compliance team.
• Define and conduct further checks if necessary.
• Report on all control actions to the central Policies & Compliance team.

Sensitization/Training:

• Raise employee awareness and train specific groups of people within his/her reporting scope.
• Contribute to running Cybersecurity awareness campaigns aimed at all employees and subcontractors (Help Desk, outsourcer, etc.).
• Contribute to training:
• Project leaders within his/her reporting scope as part of the training program defined by central Cybersecurity team.
• Administrators within his/her reporting scope as part of the training program defined by central Cybersecurity team.
• Developers, especially from the eventual applications services from Delegation within his/her reporting scope.
• Take part in training provided for Security Officers by the Group.

TO MAKE SURE NOTHING IS FORGOTTEN

Integrating security into projects (SIP):

• Application of the rules and analysis of the risks in projects within the perimeter covered by his/her SGTS (and possibly for Delegation applications)
• Make sure that the SIP methodology defined by the central Cybersecurity team is taken into consideration in projects containing infrastructure
• Make sure that all projects include the necessary security check points (penetration tests, review of rights management, etc.)
• Support project leaders in the application of the methodology with an investment proportionate to the project’s security needs
• Ensure the formal security approval of projects:
• Validation of the security component of any local infrastructure project, particularly in manufacturing sites
• Validation of the security component of any connecting Delegation application
• If the impact of residual risks is limited to his/her reporting scope: right of acceptance or refusal at his/her level
• If the impact of residual risks exceeds his/her reporting scope: right of refusal at his/her level or, if accepted, request Cybersecurity expert team for validation

Community leadership:

• Active participation in the security community

Security projects:

• Active participation in all security projects
• Validation of the security component in projects

Business continuity:

• Ensure IT recovery in the event of a major unavailability concerning his/her reporting scope
• Define and ensure the updating of the IT Recovery Plan (ITRP):
• Contribute to the preparation of the Business Continuity Plan in support of the Web and Applications Security Officer and SGTS Manufacturing Infrastructure Managers

Communication:

• Explain with clarity Saint-Gobain’s strategy and developments

Internal control:

• Check the compliance of the Application Competency Centers with the Internal Control Framework, in order to be fully compliant with the IT General Controls tested by the External auditors, and specifically:

Management Key Accountabilities

Strategy:

• Contribute and implement IT Security strategy to align with business strategy.
• Contribute and implement Group IT Security Strategy and align with business
• Coordinating and aligning internal Resources to deliver on IT cyber security Strategy

Other:

• Create and maintain and enforce IT policies to ensure we follow a consistent structured and approved approach.
• Ensure compliance with regards to Corporate Governance aligned to the SGCP Group standard
• Ensure the division complies with procedures and policies of Saint-Gobain
• Adherence to Principles of Conduct & Action.
• Comply with Competitions Act.
• Comply with HSE standards.