Head Of Information Security at Gcubed Boutique Recruitment

Company Description: 

• A successful international financial services company, one of the largest non-bank providers of unsecured credit products is looking for a Head of Information Security to manage the IT Governance of the business. With a nationwide multifaceted distribution footprint, they ensure they are able to service their clients no matter how remote their location.  

Responsibilities:

Policies and Procedures

• Work with other departments, key IT Staff, data custodians and governance groups to:
• Co-ordinate and develop Information Security policies, standards, procedures and guidelines in line with ISMS2700x.
• Co-ordinate and develop IT Governance policies, standards, procedures and guidelines in line with the ITIL best practice methodology.
• Ensure dissemination of ISO documents to country operations and measure compliance.
• Ensure the Governance and Security policies are in line with external and internal compliance requirements.
• Oversee and ensure the dissemination of all policies, standards, procedures and guidelines to the business and its subsidiaries in different countries.  

Education and training awareness

• Coordinate the development and delivery of an ISO and governance awareness and training program for employees.

Governance and Compliance

• Act as the IT governance and compliance officer with respect to technology related governance and compliance:
• Strategy development and implementation, according to the implementation road map.
• Liaise with and help build IT governance and compliance structures, steering committees and reporting.
• Use the GRC assessment, based on ISO2700x, COBIT 5 and SANS20, to perform management self-assessments and document as-is governance and compliance state.

Risk identification and incident management

• Coordinate and facilitate risk assessments via third parties (vulnerability assessments, penetration testing, application code reviews, application architecture and security reviews) to resolve security weaknesses.
• Ensure mitigation strategies are agreed and documented in accordance with maturity levels.
• Document all risks and incidents in a risk register.
• Ensure a risk acceptance process is developed, implemented and monitored.

Requirements: 

• 10+ years’ experience in information security.
• 10+ years ISO27001, ISO27002 experience.
• Exposure to Governance, Risk and Compliance.
• Management experience.
• Project Management skills.
• Budgeting skills.
• Bachelor’s degree in technology or computer science preferable.
• CISM/ CISSP/ CRISK will be an advantage.
• ITIL certification an advantage.

Personal attributes

• Analytical Ability
• Business Acumen
• Risk Identification & Management
• Communicating & Influencing
• Strategic Thinking
• Delegating & Directing
• Visioning & Strategic Direction
• HR for Line
• Reporting/Report Compilation
• People Performance Management
• IT Policy Management & Implementation
• Operational Thinking
• Relationship Building
• Team Management