  • Posted: Nov 25, 2024
    Deadline: Not specified
  • We are the only company in South Africa that partners with the South African Reserve Bank to collect all new banknotes and coins for distribution. We work closely with our four shareholding banks and customers Absa Group Limited, First National Bank, the Standard Bank of South Africa Limited and Nedbank Limited. We use the latest technology to count and ...

    Information Security Officer

    Description

    Support Technology Strategy & Innovation

    • Implement information security strategies to promote data protection and increase governance, risk management, and compliance.
    • Provide input to the Information Security framework and roadmap, including controls, compliance, and regulatory requirements.
    • Analyse the risk of new technology or applications for compliance with information security and risk management frameworks.
    • Develop and cascade a communication plan for compliance with ICT Security policies, standards and guidelines and escalate non-compliance matters to the Head of Information Security.
    • Keep updated on emerging information security threats and recommend proactive strategies to protect and prevent the company from becoming vulnerable to security attacks.
    • Provide advice and input into cloud security and automation (CaaS) or cybersecurity as a service (CSaaS) technologies to address cloud security issues.

    Planning and Organisation

    • Develop and implement ICT Security policies and standards that support and enable business strategy at the strategic planning, tactical and operational business unit levels.
    • Continuously enhance the information security management framework by developing measures to detect, prevent and minimize the impact of breaches to information systems and data.

    Execute Analysis and Design Activities

    • Develop an understanding of project management principles and the Software Development Lifecycle to align security principles and measures at the appropriate phases of solution requirement definition, design, licensing requirements and testing.
    • Provide accurate and timely reporting of ICT security risks identified during the development phase and propose remediation and mitigation actions in line with information security framework and good practice.
    • Collaborate with key stakeholders in Technology to assure technical solutions are designed and implemented following security best practice and adhere to all compliance requirements.

    Technical implementation within own area

    • Implement, maintain and verify adherence to SBV’s information security framework and information security plan (Roadmap).
    • Identify and evaluate potential SBV information security related risks, and identify controls to minimise, mitigate or remove these.
    • Review the Technology teams' compliance to current risk management processes, as well as forecast audit findings and mitigation plans and monitor progress against agreed safeguard targets.
    • Manage ICT security programmes across the technology landscape to protect applications and supporting infrastructure from both internal and external threats, aiming for zero audit findings and a single view of technology risk.
    • Define and maintain effective data management processes and procedures to guide the lifecycle of data from acquisition to deletion and to protect against security incidents.
    • Maintain a secure document management and repository system that is integrated with version control and meets the company's governance and information security requirements.
    • Deliver Technology compliance with the Protection of Personal Information Act (POPIA), Promotion of Access to Information Act (PAIA), GDPR and other information security governance regulations for all information systems documentation.
    • Develop and implement a compliance framework that governs data management standards, including access control, data classification, privacy, data security, data recovery, business continuity, and other critical regulations.
    • Regularly conduct internal awareness sessions about the POPI Act, related regulatory standards, and stay up to date on updates, guidelines, new regulations, and codes of conduct.

    Quality Management

    • Manage and drive a proactive audit framework and internal security reviews to measure compliance outcomes and performance.
    • Drive penetration testing and security assessments across the technology landscape for new and current systems.
    • Develop an understanding of ISO standards and assure reporting complies with the reporting frameworks.

    Risk Management

    • Analyse and review risks across the technology department and recommend risk mitigation actions and controls that enhance the maturity of SBV's information security management practices.
    • Review audit findings and manage the implementation of annual audit processes for information systems and documentation.
    • Collaborate with other functional areas to drive business continuity management (BCM) measures and disaster recovery (DR) across the technology landscape.
    • Evaluate the effectiveness of controls to guard against abuses of authorisation and open administration rights and confirm that the segregation of duties is in place and effective.
    • Establish a system and control to improve risk rating by understanding the risk rating criteria and putting systems in place.
    • Prepare bi-weekly reports for the Executive team on key risk indicators to provide assurance of the effectiveness of controls in place and opportunities to automate.
    • Develop dashboards that provide a comprehensive view of key risk areas such as management of security controls across the board, monitoring logical access procedures, and processes, detection of firewalls, behaviours, and timely response.

    Stakeholder and Business Relationship Management

    • Facilitate awareness and training to equip end users to manage information security risks.
    • Maintain working relationships with key stakeholders to encourage adherence to information security principles and influence adoption of new systems and controls to risk management.

    Vendor Management

    • Perform security assessments on new and current suppliers.
    • Monitor that vendor compliance requirements relating to meeting their information security standards are in place and met.
    • Manage interactions with internal teams and vendors and verify that agreed delivery plans align with SLA requirements.
    • Provide technical guidance and support to Project Managers to maintain smooth interfacing between SBV and vendors.
    • Manage the integration of vendor deliverables by tracking and reviewing vendor performance.

    Finance

    • Responsible for preparing operating and capital expenditure budgets for Information Security.
    • Manage the allocated Information Security budget, monitor spend, and optimise existing resources.
    • Identify and manage all service optimisation opportunities, including cost reductions.
    • Make budgetary recommendations that align with department goals and objectives.
    • Analyse and support any deviations to budget allocation, putting financial control measures in place.
    • Comply with the company’s financial management practices, policies, and procedures in managing CAPEX and OPEX.

    Leadership and People Management

    • Resolve issues or bottlenecks that may hinder Information Security team's ability to achieve technical and operational objectives.
    • Support the continuous development of the team by setting performance standards and conducting reviews as part of coaching.
    • Promote development of the team to support that they evolve and adapt with information security changes and technology threats.
    • Provide leadership to employees within SBV.
    • Create a conducive environment which translates into productivity and high morale within SBV.
    • Inspire one’s team to deliver on key performance areas.
    • Adhere to legislative requirements and group policies and procedures.
    • Preside over disciplinary hearings on behalf of SBV in alignment with statutory requirements and the policies and procedures of SBV.
    • Lead and manage the end-to-end performance management process of employees.
    • Responsible for ensuring employees undergo the relevant training, inclusive of any mandatory refreshers, in conjunction with the training academy.
    • Draft and execute training plans in conjunction with the training academy.

    Lead as an Ambassador and Executor of Change

    • Provide continuity during times of change by serving as a change management architect.
    • Manage the integration of development into a seamless end-to-end customer experience.
    • Communicate and embed new processes and procedures effectively, addressing or escalating concerns to SMEs.
    • Communicate consistently and accurately across one's area by facilitating presentations, workshops, or forums.

    Drive the organisation culture

    • Drive the department’s values while inspiring confidence and generating excitement, enthusiasm and commitment towards the mission.
    • Provide leadership to employees within the organization, creating a winning culture and high morale.
    • Initiate and lead a culture of performance-driven output through shared purpose, vision and values.
    • Act as a change management architect during periods of change to maintain continuity to operations.
    • Effectively communicate and embed new processes and procedures as they occur, addressing or escalating matters/concerns to the SMEs (subject matter experts) when required.

    Requirements

    • 8 years of experience within an Information Technology environment, of which:
    • 3 years in information security management and managing of audit processes
    • 3 years of experience developing, implementing and monitoring security policies and controls
    • Experience working in a multi-discipline (matrix structure) team fostering collaboration and teamwork.
    • Experience working on projects across the technology landscape.

    Requirements: Education

    • Degree in Computer Science, Management Information Systems, or related field
    • Security related certification (CISSP, CISM, CRISC, CISA, ISO 27001) (advantageous)
    • Professional Registration/Membership: Information Security Forums; ISACA; ISC2 (advantageous)

    Method of Application

    Interested and qualified? Go to SBV Services (Pty) Ltd. on sbv.mcidirecthire.com to apply
