
  • Posted: Jul 22, 2020
    Deadline: Not specified

    PPS has more than 200 000 members who enjoy access to a comprehensive suite of financial and healthcare products that are specifically tailored to meet the needs of graduate professionals. PPS is the largest South African company of its kind that still embraces an ethos of mutuality, which means that it exists solely for the benefit of its members. Thus, ...

     

    IT Executive: Security, Risk and Governance

    Purpose of the Job:

    A senior role reporting to the Chief Information Office, the IT Executive: Security, Risk and Governance is accountable for the security of all Group IT data and operations through the effective implementation of IT cyber security, IT general controls, governance, resilience strategies, risk mitigation controls and frameworks. The successful incumbent will be responsible for the design, implementation and maintenance of the disaster recovery plans, working with the business on business continuity plans and provisions across IT services. This role leads, manages and controls the Information Security risk and governance functions, acting as a point of escalation where critical breaches occur across all IT systems. In addition, the role fulfils an information security function for the PPS Group.

     

    Key Responsibilities

    IT Risk, Compliance and Business Continuity Planning

    • Accountable for defining the IT security, risk and governance frameworks for the organisation, including Information Risk (Cyber Security), IT policies, disaster recovery and business continuity
    • Ensuring that a formal set of IT Security risk and governance processes are in place by which the organisation can remediate all IT risks
    • Supporting the CIO by managing the IT governance and resilience strategy through the establishment of effectively defined strategies and control mechanisms for both governance and resilience
    • Ensuring compliance of all IT services to the defined security, risk and governance frameworks of PPS
    • Managing OPEX and CAPEX for ICT, ensuring that proper governance requirements are adhered to
    • Maintaining and continuously improving policies, standards and procedures to ensure demonstrable regulatory and legal control for all information and risk for the organisation from an IT perspective
    • Scheduling risk and compliance audits and reviewing the outcomes of the audit process; directing compliance issues to the appropriate resources for investigation and resolution
    • Developing, implementing and maintaining the IT risk register, contributing results to the corporate dashboard submitted to the Audit and Risk Committees of PPS
    • Ensuring that all systems have business continuity plans in place, ensuring that processes and procedures are available in a disaster situation
    • Managing the overall disaster recovery and business continuity planning process, as well as reporting results to Business and IT Executives
    • Working with the development, service introduction and testing teams to produce the disaster recovery and business continuity planning operational acceptance criteria
    • Completing the operational risk assessments and escalating key issues (where necessary) to the CIO and Group ExCo
    • Ensuring all critical IT services are maintained and available to business nationwide and effective failovers are put in place
    • Ensuring that all BCs for IT projects and programmes have the required security designs and checks in the plans prior to development and eventually into production
    • Ensuring that the security solutions cover all staff at PPS and PPS Mutual:
        • Malware and encryption protection is implemented on IT assets
        • Data Loss Prevention is implemented for endpoints and on the network
        • Security information and event management (SIEM) is implemented to detect security violations
        • A vulnerability scanner is implemented to detect vulnerabilities on IT assets
        • An identity and authorization solution is implemented
        • Penetration testing is conducted on web applications and the network
        • An Artificial Intelligence system covering user security violations on the network is implemented
        • Cybersecurity Framework controls are implemented and monitored
    • Accountable for up to date records of the IT Security Risk Register

    Information Security

    • Ensuring the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories
    • Performing information security risk assessments of projects, new technologies, IT assets, applications, and vendors
    • Coordinating the design and execution of vulnerability assessments, penetration tests and security audits
    • Implementing and monitoring internal controls to measure policy compliance
    • Aligning regional needs and initiatives with Information Security policies and standards
    • Supervising investigations into any problematic activity, communicating with senior management on an ongoing basis
    • Engaging in ongoing communications to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation
    • Developing and implementing security awareness training, ensuring consistently high levels of compliance with enterprise security policies
    • Overseeing the selection, integration and configuration of all new security solutions and of any enhancements to existing security solutions
    • Maintaining up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors

    People Leadership and Culture 

    • Implementing the PPS IT Employee Value Proposition to create PPS as an IT Employer-of-Choice characterized by a pipeline of talent joining the Group as young technicians and developing their careers over extended periods within the Group
    • Providing team leadership, ensuring the effective implementation of strategy through leadership of the management team (setting individual objectives, managing performance, developing and motivating staff, provision of formal and informal feedback and appraisal) in order to ensure that the highest level of performance is achieved
    • Creating a healthy and enabling organisational culture and climate, so that all employees are able to perform to their full potential and overall business performance is maximised
    • Accountable for strategic workforce planning, ensuring that the team is sufficiently resourced to meet demand, compliance and the required customer experience
    • Accountable for the translation of the IT Security, Risk and Governance strategy to tactical plans and initiatives that are aligned to the wider PPS Group strategic requirements
    • Creating a stimulating and safe environment that inspires innovation and new initiatives
    • Collaborating with other teams at PPS to promote the interoperability of data collected across products and technology teams, ensuring that data architecture design principles are adopted and data frameworks are embedded as part of the design
    • Leading, developing and managing the IT Security, Risk and Governance function
    • Creating a culture of high performance, value-for-money, optimisation and innovation in the SRG team and managing the performance of the team effectively
    • Mentoring team members as needed or required; conducting peer review of key deliverables
    • Creating an environment where people are encouraged to take ownership and use their initiative to find the best way of implementing plans. Actively including people from across the business (not necessarily the most obvious) to achieve objectives

    Stakeholder management

    • Effectively communicating the strategic narrative aligned to business requirements, using varied communication vehicles and opportunities to promote dialogue, shared understanding and consensus with business
    • Collaborating with key business stakeholders to ensure understanding of IT Security, Governance and Risk strategies that are in place
    • Ensuring that relevant internal and external stakeholders, resources, service providers and partners are appropriately contracted to deliver and maintain technology solutions and business continuity

     

    Formal Qualifications:

    • Bachelor of Science Degree or Bachelor of Commerce in Informatics
    • Cybersecurity Certification
    • Honours in Science or Informatics would be advantageous
    • Master’s in Business Administration would be advantageous

     

    Experience:

    • 8-10 years of experience in IT Security, Cyber Security, Disaster Recovery, Governance, Risk and Business Continuity Planning
    • Deep knowledge of data privacy and information protection
    • Information Security related qualifications such as CISM, CCISO, CGEIT, CISSP or similar
    • 5 years of management experience in leading teams
    • Data warehouse experience will be an advantage
    • Experience in requirements analysis and configuration

     

    Knowledge and Skills:

    • Forward-looking and strategically minded - in-depth ability to understand regulatory, legal, compliance and technical risks and implications
    • Knowledge of large (IT) governance structures - an understanding of the ITIL Knowledge Management, King 3, COBIT, ISO and other governance frameworks
    • Knowledge of building and/or managing IT Security, Risk and Governance teams

     

    Competencies:

    • Complex problem-solving
    • Adapting and responding to change
    • Innovation and forward thinking
    • Business acumen
    • Persuading and influencing
    • Deciding and initiating action
    • Strategic vision and agility
    • Leading cross-functional and multi-disciplinary teams

    Method of Application

    Interested and qualified? Go to PPS on www.linkedin.com to apply
