Information Technology Security Manager at Virgin Active South Africa

To make exercise irresistible

• To collect, organise, analyse, interpret and summarise threat and vulnerability reports and data which will be used to provide actionable intelligence and situational awareness to decision makers of Virgin Active.

• Will build a threat intelligence repository to understand threat actor tactics, techniques and procedures (TTP).

• Create partnerships and relationships with 3rd parties for intelligence sharing, evaluating threat intelligence providers, platforms, and data feeds to drive greater business value.

• Provide subject matter expertise, technical deliverables oversight of cyber projects and initiatives to enhance and improve cyber threat intelligence capabilities and maturities.

• Protect digital data and information against unauthorized access, modification or destruction.

• Conduct internal and external security audits on a regular basis.

Minimum Requirements...

We’re looking for…

• The finest ambassador of Virgin Active at all times.

• 8+ years in managing IT security

• A tenacious manager with a persuasive non-conflictive style

• Demonstrable experience in security management, ideally in a retail environment with multiple 3rd parties

• demonstrates investigative and analytical problem-solving skills

• Experience of managing customer/ stakeholder relationships

• Someone who uses evidence for decision making but shows great instinct

• Comfortable with the occasional chaos that comes with working with a highly ambitious and challenging company

• Operationally aware – understands the end to end process for delivering high value projects

• Continually looks for ways to improve the quality of our services and the efficiency of the company.

• A challenger of the norm with a desire to make a real difference in the work they do

We can’t live without…

• Good understanding of IT security and IT security frameworks

• Commercially astute with an understanding of the business context of IT

• Adept in high pressure situations

• A good appreciation of the key functions of IT Security:

  • The ability to use best practice to drive improvements

  • Forward planning

  • To balance conflicting demands and financial constraints

  • Prioritise according to business needs

• Well-developed interpersonal skills and ability to work collaboratively within a team

• Effective verbal and written communication skills:

• Articulate scenarios which cause security breaches both written and verbally
• Explain security scenarios and concepts

• Ability to perform under pressure and to delivering against competing priorities

• Self-motivated without the need for direct supervision, passionate, positive, and hard-working

• Highly flexible and able to adapt to ever changing environments

• Patience, tolerance and resilience

• Ability to identify potential risks and develop mitigation strategies

• Effective documentation skills

• A track record of successfully supporting enterprise security applications.

• Experience of managing 3rd parties to deliver on contractual obligations.

• Ambition to be part of something special

We’d love you to have…

• Experience of working in a tool-based environment

• Experience of procurement and supplier selection processes

• Experience and understanding of any of the following: Digital Multi Channel, Membership Systems, CRM, Business Intelligence, Mobile Apps, Software testing

• Industry experience with high touch customer service organisations

• An interest in health and fitness

Your Duties & Responsibilities…

• To always do your bit towards achieving our Vision of being The World’s Most Loved Exercise Brand; to live and role-model our Values of Insatiable Curiosity, Delightfully Surprising, Heartfelt Service, Red Hot, Smart Disruption and Straight Up; and to bring to life our People Promise of Be Yourself and Go Together, Work Hard and Dream Big

• Meet IT Security objectives by identifying issues and associated risks that impact the business and implementing solutions that provide protection and operational efficiencies that improve the business security posture.

• Ensure effective collaboration between Virgin Active SOC and suppliers/vendors who provide infrastructure and /or security services.

• Build a strong relationship with the security vendors to ensure smooth rollout of security initiatives and ensuring the Virgin Active IT security policies are implemented

• Provide clear well written technical documentation of security systems and processes

• Develop strategies to maintain and manage core security initiatives while focusing on continual service improvement.

• Implement and drive adoption of IT security policies and strategy 

• Establish security standards and documentation for CIS controls and SIEM processes and drive the controls around these standards

• Setup metrics and monitoring to ensure security is delivered to agreed service levels with relevant reporting and scorecards

• Participate in and contribute to regular threat focus meetings and produce actionable intelligence on threats for delivery to the business in the form of technical reports and/or client briefings.

• Contribute to the enhancement and optimisation of implemented reporting mechanisms to demonstrate the value of the cyber intelligence function with tangible benefits to business stakeholders

• Perform research into less complex targeted attacks, crime ware campaigns, malware and other emerging technologies and techniques to identify and report on cyber-attacks.

• Actively monitor and research cyber threats and trends with a direct or indirect impact to the Virgin Active brand, regional business operations, technology infrastructure and client trust

• Promote awareness of emerging cyber threats and determine the appropriate responses. You will utilise intelligence to support security services and professional services as part of digital forensics and incident response engagements, security event management, breach detection and malware analysis.

• Required to perform situational tasks such as malware analysis, reverse engineering and exploit evaluation as and when required.

• Act as a point of escalation for security investigations and incidents to provide guidance and oversight on incident resolution and containment techniques

• Maintain data and monitor security access on systems highlighted as high risk to the company.

• Ensures authorised access controls by investigating improper access, revoking access, reporting violations, monitoring information requests, recommending improvements

• Establishes computer security by developing standards, policies, and procedures; coordinating with Desktop and Infrastructure teams; recommending improvements and assist with the implementation.

• Run a regular weekly update meeting with the IT management team.  

NB! if you do not hear from us within 4 weeks after the advert has closed. Kindly consider your application unsuccessful.