Information Security Officer (CISA) - Bloemfontein at Datacentrix

Managed Talent Solutions a division within Datacentrix is looking for an Information Security Officer for one of their client based in Kimberly. This is a 6 months fixed term contract. The Information Security Officer must have good understanding of IT Governance Frameworks and Legislation

Qualifications and Experience Required:

• Relevant Degree/Diploma in ICT
• CISA certification
• Willingness to work outside normal hours
• 7 years of related experience
• Proficiency with enterprise information systems, file servers, networked data storage, application software, scripting and programming languages, data communication devices, and disaster recovery utilities
• Knowledge of current systems and network technologies and standards and their practical application in the enterprise environment
• Good understanding of IT Governance frameworks and legislation

Roles and Responsibilities:

• Develop information security plans aligned with business goals and objectives.
• Identify current and potential legal and regulatory requirements affecting information security.
• Identify drivers affecting the university (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
• Obtain senior management commitment to information security.
• Define roles and responsibilities for information security throughout the company.
• Establish internal and external reporting and communication channels that support information security.
• Establish a process for information asset classification and ownership.
• Implement a systemic and structured information risk assessment process.
• Ensure that business impact assessments are conducted periodically.
• Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
• Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
• Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., procurement).
• Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.
• Develop and maintain plans to implement the information security strategy.
• Specify the activities to be performed within the information security program.
• Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
• Identify internal and external resources (e.g., finances, people, equipment,
• systems) required to execute the security program.
• Ensure the development of information security architectures (e.g., people, processes, technology).
• Establish, communicate, and maintain information security policies that support the security strategy.
• Design and develop a program for information security awareness, training, and education.
• Ensure the development, communication and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
• Integrate information security requirements into the (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g.development, employment, procurement).
• Develop a process to integrate information security controls into contracts (e.g. with joint ventures, outsourced providers, business partners, customers, third
• parties).
• Establish metrics to evaluate the effectiveness of the information security program.
• Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
• Ensure that processes and procedures are performed in compliance with the company's information security policies and procedures.
• Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
• Ensure that information security is an integral part of the systems development processes and acquisition processes.
• Ensure that information security is maintained processes and life cycle activities.
• Provide information security advice and guidance (e.g., risk analysis, control selection) in the university.
• Provide information security awareness, training, and education (e.g., business process owners, users, information technology) to stakeholders.
• Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Ensure that noncompliance issues and other variances are resolved in a timely manner.
• Develop and implement processes for preventing, detecting, identifying, analyzing, and responding to information security incidents.
• Establish escalation and communication processes and lines of authority.