Function Specialist: Info & Cyber Mngt at Transnet

Position Purpose

To ensure that Transnet Freight Rail’s (TFR) business environment is safe, secure, reliable and resilient through provision of capabilities designed to protect Technology, Information assets and Infrastructure resources by:

• Ensuring strategic alignment of information and cyber security in support of business objectives; ensuring availability, confidentiality, integrity, auditability of the TFR’s information systems; ensuring conformity of applicable laws, regulations and standards as well as preventing non repudiation of computer based activities mechanisms. Assisting the business with the selection and implementation of these solutions.

Position Outputs

• Strategy Leads the design, development and implementation of Information and cyber Security Strategy for TFR Operations Technology and Business Systems, Platforms and Infrastructure environment in line with Group ICT Information and Cyber Security Strategy Lead the design, establishment and implementation of Cyber Security Operations Centre Capabilities designed to ensure monitoring of TFR environment and responsiveness to threats and vulnerabilities identified before an incident occurs. Align and oversee that all security requirements are met during the IT Strategic Roadmap implementation. Ensure IT strategies and roadmap initiatives support and are aligned to the security frameworks and policies in place. Ensure enterprise Information Security Architecture is aligned with IT Strategic Roadmap. Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders
• Information and Cyber Security Management Design, Develop and implement information and cyber security framework that adequately addresses the key cyber pillars of Identify, Protect, Detect, Respond and Recover in line with best practice frameworks such as COBIT, NIST, ISO and SABSA / TOGAF. Oversee and direct information and cyber security activities to execute the information security programme. Lead the TFR IT security team: plan, organize, assign, supervise and monitor the work of team members Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the TFR’s information security policies. Ensure that services provided by other enterprises, including outsourced providers are consistent with established information security policies.
• Define and maintain the security frameworks for Information Security Architecture, Information Security Management and Information Security Technical Operations. Establish constant vigilance over critical information assets. Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software. Manage the administration of the facility’s security systems and their corresponding equipment or software, including fire alarms, locks, intruder detection systems, sprinkler systems, and anti-theft measures. Support CIO by managing the IT security architecture through effective information security management and technical security operations functions.
• Establish, control and manage effective mechanisms for resolving all Information security breaches and challenges for TFR. Ensure effective management of access to information. Ensure effective information security architectures supported by management and technical operations functions. Ensure a formal set of processes are in place by which TFR can identify various IT security concerns, gaps and remedial actions to ensure the security of IT operations. Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies
• Policies and Procedures Ensure effective IT security frameworks, policies and procedures are in place and updated when necessary. Ensure security policies/procedures are defined and implemented across business units and processes. Provide Management Information/Reports to the CIO and Business, where necessary, on the status of Information Security and relevant information.
• Reporting Management and Reporting on information security, cyber breaches and risk mitigation. Create a culture of high performance, value-for-money, optimisation and innovation in Information and Cyber Security function and manage performance of the team effectively.
• People Management Plan, organise, lead and control subordinate's activities to ensure sub-functional objectives are met or exceeded. Manage people development initiatives, succession planning, talent management and performance management to meet functional performance standards. Coach team and create a pro-learning environment. Assess team development needs and close gaps. Provide technical / professional support to internal and external stakeholders to ensure achievement of functional and organisational objectives.
• Stakeholder Management Build, support and maintain healthy, diverse internal and external relationships (government, authorities and agencies) to ensure achievement of organisational goals. Implement remedial actions where required.
• Governance /Compliance/Risk Monitor and ensure adherence to statutory regulations, organisational standards, policies and procedures. Ensure remedial actions are implemented timeously to address non-conformances. Establish and maintain a framework to provided assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Identity current and potential legal and regulatory issues affecting information and cyber security and assess their impact on the TFR business and operations. Establish and maintain information security policies that support business goals and objectives. Identify and manage information security risks to achieve business objectives: Develop systematic, analytical and continuous risk management process. Ensure that risk identification, analysis and mitigation activities are integrated in projects and processes life cycle.
• Identify and analyze risks through suitable and recommended methods Ensure effective and regular communication of new statutory regulations, organisational standards, policies and procedures to ensure full awareness amongst stakeholders. Financial Management Develop and manage OPEX budget. Track and monitor expenditure. Provide input into ICT overall budget including CAPEX
• Information and Cyber Security Programme Management Design, develop and implement execution of the information and cyber security programme in line with the ICS Strategy and Roadmap Establish and maintain plans to implement the information and cyber security governance framework. Design, develop and implement information and cyber security awareness mindset and culture to ensure that business users are vigilant and cyber threat aware. Define annual information security budget and obtain Information Security Steering Committee approval. Establish and manage capability to response to and recover from disruptive and destructive information systems events: Design, elaborate and implement processes for detecting, identifying and analyzing security related events.
• Develop response and recovery plans including organizing, training, and equipping teams. Ensure periodic testing of the response and recovery plans where appropriate. Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
• Response Management Design, develop, coordinate, maintain and supervise implementation of Information and Cyber Security Response Plans in case of Cyber Security Incident. Develop response and recovery plans including organizing, training, and equipping teams. Establish and manage capability to response to and recover from disruptive and destructive information systems events: Design, elaborate and implement processes for detecting, identifying and analyzing security related events. Ensure periodic testing of the response and recovery plans where appropriate.

Qualifications and Experience

• Qualifications & Experience:Bachelor’s Degree or Equivalent qualification in Information Technology and/or Computer SciencePost-Graduate qualification an added advantage Certifications (at least one of the certificates issued by a recognized professional organization)A Certified Information System Security Professional (CISSP) and/orCertified Information Security Manager (CISM) and /or equivalent certification from a recognised professional organisation is required. Minimum 8 – 10 years experience in Information and Cyber Security Discipline within IT and business/industry work experience including design and deployment of Information and Cyber security programmes, Cyber Tools lifecycle management in line with Information and Cyber Security Architecture Strategy and Roadmap. At least 3 years of experience must be in a leadership position managing multiple large, cross-functional teams or projects, and influencing senior level management and key stakeholders.Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19Must undergo Lifestyle Audit General:Valid Drivers License Code ’08Willing to Travel