IT Information & Cybersecurity Manager at Sun International

Job Purpose

• The IT Information & Cybersecurity Manager will be responsible for protecting Sun International’s technology assets and information, data and intellectual property regardless of the location by developing and updating information and cyber security strategy, frameworks, policies and processes. Continuously manage, monitor and evaluate system controls and access management with the aim of mitigating risk, in line with business and regulatory requirements and in a manner that is professional and reliable.
• This role will be required to ensure all practices are in line with policy, frameworks and tools based on researched leading and industry practice, technical solutions, specialised projects and innovation, and legislative support to advise, enable and support business operations in achieving their objectives.

Education

• BTech or relevant equivalent
• Security Certification (CISM and CISSP)

Experience

• Minimum of 10 years’ experience in the IT information security environment, including 3 years in a management position
• Extensive experience in the implementation of Cyber security technologies 
• Experience in cyber threat monitoring and response, threat remediation and threat intelligence

Skills and Knowledge

• Analysing
• Creating and improving
• Sourcing information
• Applying expertise and technology
• Taking ownership
• Responding with urgency
• Collaborating
• People management
• Business & Financial Acumen
• SDLC Testing methodologies and practices
• IT Information / data risk & cyber threats management
• In-depth knowledge of the cyber technologies preferably McAfee suite
• Security Architecture
• Risk Management
• Disaster recovery, BCM, back-up testing
• Security and BCM standards, frameworks and methodologies (ISO23001), NIST Cyber Security Framework, CIS, ITIL, Cobit
• Contract management
• Knowledge and application of IT security legislation (Promotion of Access to Information Act, CPA, King IV, Protection of Personal Information Bill, Regulation of Interception of Communications & Provision of Communication-related information Act; Gaming Regulations)

Key Performance Areas

• Develop, and drive the implementation of  Sun International’s cyber security plans in consultation with key stakeholders.
• Oversee and participate in  proactive investigations and analyses into potential technology security threats, and deliver an IT cyber and security architecture to support current and future business products, and processes
• Lead and monitor information security health-check assessments and testing of Sun International’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Be able to advise the business and scope assessments/penetration tests to ensure the protection of data.
• Stay up-to-date on the latest intelligence, including hackers' methodologies, to anticipate security breaches; anticipate new security threats and stay-up-to-date with evolving tools, architectures and infrastructures.
• Recommend and manage the implementation of security measures to protect computer systems, networks and data.
• Be able to perform threat modelling, threat-based assessments (Red and Blue), control effectiveness and KPIS on threat exposures
• Manage and respond to engaged resources for immediate response and recovery of an application or service.
• Assemble and analyse risk scenarios to estimate the likelihood and impact of significant events on the organisation
• Oversee and provide guidance on the implementation of large governance, security and business continuity projects and deployment efforts
• Facilitate the design, development, implementation and maintenance of high calibre governance and risk management solutions according to standards and best technologies that meets the current and future business needs
• Ensure security projects are approved, implemented, and meets appropriate security standards
• Oversee the installation and updating of software and ensure database back-ups are executed in line with regulatory requirements
• Oversee all security system maintenance by providing system validation procedures, maintenance reports, deactivation plans, and other documents, plans and report; continuously analysing the systems to determine when deactivation or replacement is required
• Check the conformance of the delivered platforms to standards and architectural decisions and resolve governance, risk and security architectural conflicts
• Lead the team in identifying treatments for control gaps and remedial actions related to cyber security incidents ensuring the adoption or development of relevant security services
• Provide guidance and timely recovery following the occurrence of an outage or major disasters, such as fires, earthquakes, floods, biochemical attacks, pandemics, electrical disruptions, and network disruptions which result in the partial or complete disruption of business operations support
• Manage the development, maintenance and availability of governance standards and processes for the IT Information & Cybersecurity function and align and embed practices with new legislative compliance, regulation requirements and security protocols
• Facilitate IT audits in own area of responsibility to ensure correct governance over the use of technology and the protection and control of information to meet audit requirements.
• Shared accountability for developing and managing the budget and expense management for the portfolio
• Relationship agreements with key suppliers, business partners and sponsors are built, negotiated and managed to achieve the business objectives and leverage new opportunities and joint initiatives
• Provide inspirational leadership and change management interventions to enhance engagement and motivational culture across the business
• Provide oversight of and manage any outsource service provider in the context of information and cyber
• Ensure the IT functional heads adhere to security practices.
• Provide reporting and dashboards on state of security across the group.