  • Posted: Nov 7, 2019
    Deadline: Not specified
  • Truworths is a market-leading fashion apparel retailer in South Africa offering internationally inspired clothing and footwear for ladies, men, teenagers and kids across a diversified portfolio of its own exclusive brands.

    Information Technology Security Manager

    We are looking for an individual who is passionate about information security and has the necessary skills to take ownership of our current Information Technology (IT) Security management and operational functions.


    • Overseeing the establishment, implementation and adherence to IT security policies and standards that guide and support the information security strategy.
    • Create and maintain an IT Security Improvement Program that is aligned to the Information Security Improvement Plan and prioritised according to outcomes of risk assessments.
    • Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, etc.) to help the enterprise reach an acceptable level of risk exposure in IT Security.
    • Managing the IT security incident management program to ensure the prevention, detection, containment and correction of security breaches.
    • Reporting appropriate metrics to executive management.
    • Provide input and advice to assist with the information security awareness campaign for all members of the enterprise.
    • Coordinating with vendors, auditors, executive management and user departments to enhance information security.
    • Day-to-day management of the IT Security team.
    • To provide leadership, consultancy and guidance on IT security assurance and requirements for security controls to the organization, programs and projects.
    • Work with colleagues within the Information Systems Department to promote and ensure the use of appropriate techniques, methodologies and tools for improving IT security.
    • To undertake strategic analysis of IT security tools, including research into suppliers, markets and product and service categories, to inform and develop commercial strategy and sourcing plans to implement IT security tools and IT security controls.
    • To motivate for the selection of technology, suppliers and vendors in a manner that shows the value of the proposal.
    • To influence policy and procedures covering the selection of suppliers, tendering and procurement, promoting good practice in third party management with respect to IT security.
    • Daily operational management, support and maintenance of:
    • Health Checks and maintenance of security appliances
    • Consultation on technical security controls
    • PKI management
    • Troubleshooting/problem-solving
    • Prepare and implement changes
    • To keep up-to-date, gather knowledge on new/evolving threats and assess the possible impact for Truworths.

    Risk Management

    • Identify and report strategic and operational IT security risks, proposing appropriate mitigating actions and facilitate the implementation of mitigating actions; execute assessment of residual risk; and if necessary, facilitate risk acceptance.
    • Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
    • Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., development and procurement).
    • Report significant changes in IT security risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.

    IT Security Improvement Plan Development

    • Continuously review and maintain plans to implement the IT security strategy.
    • Specify the activities to be performed within the IT security program.
    • Ensure alignment between the IT security program and other assurance functions (e.g., physical, human resources, quality, information).
    • Identify internal and external resources (e.g., finances, people, equipment, systems) that are required to execute the IT security program.
    • Effective communication with executive management to ensure support for the IT Security Improvement Program.
    • Ensure the development of IT security architectures (e.g., people, processes, technology).
    • Design and develop a program for IT security awareness, training and education.
    • Ensure the development, communication and maintenance of standards, procedures and other documentation (e.g., guidelines, baselines, codes of conduct) that support IT security policies.
    • Integrate IT security requirements into the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities (e.g., development, employment, procurement).
    • Develop a process to integrate IT security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).

    IT Security Program Management

    • Oversee the management of internal and external resources (e.g., finances, people, equipment, systems) required to execute the IT security program.
    • Establish metrics to evaluate the effectiveness of the IT security program and report these to Truworths management.
    • Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) IT security controls.

    Incident Management and Response

    • Continuously improve processes for preventing, detecting, identifying, analyzing and responding to information security incidents.
    • Ensure that the process of responding to IT security incidents entails:
      • effective escalation and communication processes and lines of authority;
      • effective plans to respond to and document IT security incidents;
      • sufficient capability to investigate IT security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing); and
      • communication plans to engage with internal parties and external organizations (e.g., media, law enforcement, customers).
    • Periodically test and refine IT security incident response plans.
    • Conduct reviews to identify causes of IT security incidents, develop corrective actions and reassess risk.



    • Relevant tertiary qualification in IT Security or equivalent (Diploma/Degree) AND
    • IT security qualifications such as CISSP essential (CCSP, CEH, CRISC advantageous).


    • At least 7 years’ experience within IT security.
    • A minimum of 5 years hands-on team leadership and management experience (within an IT Security environment).
    • Strong understanding of enterprise, network, system and application level security, including best practice standards.
    • Understanding of and exposure to IT Security architectures.
    • Experience in a retail environment advantageous.
    • Experience of working with suppliers and partners in the effective delivery of solutions.
    • Ability to describe complex technical solutions to technical and non-technical audiences.



    Essential Competencies

    • Identity Access Management experience
    • Managing firewalls and other related Security technologies
    • Knowledge of and work exposure with Intrusion Prevention System (IPS), Secure Webgate, VPN, UTM (Next Generation Firewall), Anti-Virus
    • Good functional knowledge of end-to-end IT security technologies, policies, procedures, controls and tool-sets
    • Cloud Security experience

    Advantageous Competencies:

    • COBIT or equivalent framework methodologies.
    • Exposure to national and international standards such as ISO 27001, PCI DSS
    • Knowledge of POPI and GDPR legislation.


    • Trustworthy with high standards of personal integrity
    • Excellent analytical and problem-solving abilities
    • Good team working skills to implement security solutions in collaboration with other information technology professionals
    • Excellent communication and the ability to influence broadly across various levels of seniority within the business
    • Self-motivated - with the ability to lead, inspire and motivate others
    • Attention to detail
    • Ability to deal with conflict and be able to challenge existing processes

    Method of Application

    Interested and qualified? Go to Truworths on to apply