Function Specialist: Info & Cyber Mngt at Transnet

Position Purpose

• To ensure that Transnet Freight Rail’s (TFR) business environment remains safe, secure, reliable and resilient through the implementation of information and cyber security capabilities. This includes aligning cyber security to business objectives, ensuring confidentiality, integrity, availability and auditability of information systems, complying with legislation and standards, and guiding the business in the selection and implementation of security solutions.

Key Outputs / Responsibilities

• Strategy
• Lead the design, development and implementaton of the Information and Cyber Security Strategy for TFR operational and business systems in alignment with Group ICT standards.
• Establish and implement Cyber Security Operations Centre (CSOC) capabilities for proactive monitoring and threat response.
• Ensure all IT strategic initiatives meet security requirements and are aligned to security frameworks and policies.
• Align enterprise Information Security Architecture with the IT Strategic Roadmap.
• Communicate security strategies and plans to executives, staff, partners and stakeholders.
• Information and Cyber Security Management
• Develop and implement comprehensive security frameworks based on COBIT, NIST, ISO, SABSA/TOGAF.
• Oversee and direct execution of the information security programme.
• Lead, manage and mentor the IT security team.
• Ensure compliance of administrative and system use procedures with TFR security policies.
• Ensure outsourced services adhere to established information security policies.
• Manage administration of all security technologies including firewalls, IDS, cryptography, antivirus and facility security systems.
• Maintain vigilance over critical information assets.
• Establish mechanisms to prevent, identify and resolve security breaches.
• Ensure effective access management and security operations processes.
• Define and communicate policies, standards and corporate security plans for new technologies.
• Policies and Procedures
• Implement and maintain IT security policies, frameworks and procedures.
• Ensure consistent policy application across business units.
• Provide security performance and risk reports to CIO and relevant stakeholders.
• Reporting
• Report on information security status, cyber incidents and mitigation measures.
• Promote a culture of performance, innovation and value-for-money within the cyber security function.
• People Management
• Lead, plan and monitor team activities to achieve functional goals.
• Drive performance management, talent management and succession planning.
• Coach staff and promote a learning culture.
• Provide technical support to stakeholders.
• Stakeholder Management
• Build and maintain relationships with internal and external stakeholders, including government and regulatory bodies.
• Implement corrective actions where necessary.
• Governance, Compliance and Risk
• Ensure adherence to statutory regulations, policies and organisational standards.
• Identify legal and regulatory developments related to cyber security and assess business impact.
• Maintain policies aligned to business objectives.
• Lead continuous risk identification, assessment and mitigation across projects and processes.
• Communicate new regulations and policies to ensure awareness.
• Financial Management
• Develop and manage the OPEX budget.
• Track and monitor security expenditure.
• Provide input into ICT CAPEX planning.
• Information and Cyber Security Programme Management
• Implement the Information and Cyber Security Programme in line with strategy.
• Maintain governance plans and promote cyber awareness across the organisation.
• Define and manage annual security budgets.
• Establish response and recovery capabilities for disruptive events.
• Oversee design, testing and improvement of incident response processes.
• Stay informed on global security trends and advise management.
• Response Management
• Develop and coordinate cyber incident response plans.
• Ensure teams are trained, equipped and tested for response and recovery.
• Implement processes for detecting, identifying and analysing security events.

Qualifications and Experience

Minimum Requirements:

• Bachelor’s Degree in Information Technology, Computer Science or equivalent.
• Postgraduate qualification is an added advantage.

Required Certifications (at least one):

• CISSP
• CISM
• Equivalent certification from a recognised professional body

Experience:

• 8–10 years in Information and Cyber Security in both IT and business environments.
• Experience in designing and deploying cyber security programmes and managing security tool lifecycles.
• Minimum 3 years in a leadership role overseeing large, cross-functional teams or projects.
• Must meet trust and honesty standards in line with the National Credit Act Amendment 19.
• Must undergo a lifestyle audit.
• General Requirements:
• Valid Code 08 Driver’s Licence.
• Willingness to travel.
• Competencies
• Core Competencies
• Strategy and sustainability
• Business performance and delivery
• Relationship management
• Corporate governance and compliance
• Personal mastery

Knowledge:

• Understanding of transport industry (advantage)
• Knowledge of technology trends and public-sector dynamics
• Strong capability in strategic and tactical cyber security planning
• In-depth knowledge of IT Strategy, enterprise security, data protection laws and security frameworks
• Understanding of organisational and technical security processes