General Manager: Cyber and Information Security (CISO) at The South African National Roads Agency (SANRAL)

MINIMUM REQUIREMENTS

• NQF Level 8 qualification: Computer Science / Information Technology or equivalent. 
• Certification on either: CISSP / CISA / CISM / COBIT.
• 10y ears experience in a related work environment with specific experience in Information Security, IT Risk, IT Governance, security assessments, security audits and Compliance, of which 5 years must have been at a senior management level.
• Illustrated experience in leading a team on projects.

ADVANTAGEOUS

• PMP certification.
• Knowledge of public sector.

TECHNICAL COMPETENCIES

• Extensive technical knowledge of information technology and general ICT services, solutions, systems and processes. 
• Extensive knowledge of Enterprise Architecture Planning, solution design, development and operations with respect to security.
• Solid understanding of Operating System Security, Network Security, Application and Mobile Security that includes threat and controls
• Extensive experience across threat and vulnerability management, including perimeter security, DLP and Identity Management.
• Extensive knowledge of industry trends and best practices to protect company data by applying data security management principles, policies and processes.
• Knowledge of the latest technological trends to promote new technologies within the organization and suggest changes to the present framework.
• Extensive knowledge of Contract Management and subcontractor engagement processes.

Strategy Development, Security Policies, Guidelines and Processes

• Establish, implement and monitor Cyber and Information Security Strategy in line with SANRAL business strategy (Horizon 2030) and SANRAL ICT strategy.
• Set objectives for ICT security policies.
• Periodically review audit results.
• Performance management within the Applications and Infrastructure management team.
• Analyse industry and technology trends and advancements to determine potential impact upon the security landscape of the enterprise.
• Define and implement business continuity management plan to maintain and architect effective disaster recovery measures.

Information Security Architecture and IT Governance

• Define IT governance structures in support of the ICT Strategy and to ensure alignment of ICT to business.
• Define and implement Information Security Architecture, principles, tools and technologies; and
• Define and implement IT governance processes.

IT Risk Management

• Develop IT Risk Management framework, policies and procedures.
• Ensure system security within ICT business units complies with audit and information security expectation.
• Conduct ICT Risk and vulnerability self-assessment.
• Co-ordinate IT Audit and Risk feedback; and
• And Ensure ICT disaster recovery is in place and tests are conducted regularly in accordance with business continuity management plans.