Information Security Lead (SvW) at Mediro Recruitment

Description

Responsible for developing and managing Information Systems cyber security, including disaster recovery, database protection and software development. Develop and deliver Information Security standards, best practices, architecture and systems to ensure information system security across company.

• Ensure that all policies developed are in line with contractual, legislative and industry best practice
• Ensure that all policy exceptions are documented and tracked through their risk life cycle
• Drive implementation and policy compliance across all business units
• Create and rollout an awareness program
• Define and measure metrics to ensure awareness programs are effective
• Establish and implement an information security risk management framework
• Manage and maintain an information security risk register that document, evaluates, and tracks all information security risks and feeds into the organisational risk register
• Oversee, identify, and manage all related operational costs in accordance with financial policies, procedures, processes, prescribed schedule of payments, procurement and subcontractor management policies and procedures
• Establish and maintain appropriate internal controls and reporting systems to meet performance expectations
• Ensure operating efficiencies through enhanced resource management and budget control
• Manage and maintain compliance of Payment Card Industry Data Security Standard
• Ensure that there are regular information security audits and penetration testing on various levels of application, database, policy etc
• Ensure that all contracted security requirements are fulfilled
• Control the management of organisational risks through monitoring and reporting mechanisms
• Review the Business Continuity and Disaster Recovery plans annually to ensure all tasks are correctly assigned and are implementable by designated personnel
• Monitor compliance of organisational policies and procedures and adherence to all statutory and regulatory requirements prescribed for overall corporate governance
• Responsible for the team that support

Minimum Requirements

KNOWLEDGE & EXPERIENCE

• Strong technical background in systems and network security
• Project Management skills (ability to plan, organize, coordinate, and implement)
• Experience in compilation of management reports
• Understanding of, and practical experience of applying the Data Protection Act, the Freedom of Information Act and other related legislation, standards and codes of practice
• Knowledge of information security including ISO/IEC 27001 Information Security Management Standard

MINIMUM REQUIREMENTS

• Matric
• Relevant undergraduate degree/diploma and/or certificate
• Certification or completion of CISSP, CISM, CISA, ISO/ IEC 27001 Lead Implementor and/or CompTIA Security+
• 8 years’ experience in information security (with at least 2 years in a Management role)