IT Risk Cyber Security & Compliance Manager - Cape Town at Astron Energy (Pty) Ltd.

The IT risk, cyber security & compliance manager ensures the security of all IT data and operations through the effective implementation of IT cyber security, IT general controls, governance, resilience strategies, risk mitigation controls and frameworks. They are also responsible for the design, implementation and maintenance of the disaster recovery plans and that business continuity provisions are in place across IT services. This role also leads, manages and controls the Governance Risk and Compliance function acting as a point of escalation where critical breaches occur across Astron Energy’s systems.

• Accountable for the definition of the IT risk, security and compliance framework for Astron Energy including information risk (cyber security), it policies, disaster recovery and business continuity
• Ensure a formal set of IT risk, security and compliance processes are in place by which the organisation can remediate risks
• Lead, develop and manage the IT risk, security and compliance capability
• Create a culture of high performance, value-for-money, optimisation and innovation in the IT risk, security and compliance team and manage performance of the team effectively
• Support CIO to manage IT governance and resilience strategy through the establishment of effectively defined strategies and control mechanisms for both governance and resilience
• Ensure compliance of all IT services to the defined risk, security and compliance frameworks
• Maintain and continuously  improve policies, standards and procedures to ensure demonstrable regulatory and legal control for all information and risk for Astron Energy from an IT perspective
• Schedule risk and compliance audits, review the outcomes of the audit process; direct compliance issues to appropriate resources for investigation and resolution
• Develop, implement and maintain a risk register, contribute results to corporate dashboard
• Ensure that all systems have business continuity plans in place, ensuring that processes and procedures are available in a disaster situation
• Manage the overall disaster recovery and business continuity planning process as well as report results to the business and IT Directors
• Work with the development, service introduction and testing teams to produce the disaster recovery and business continuity planning operational acceptance criteria
• Complete operational risk assessments and escalate key issues (where necessary)
• Ensure all critical IT services are maintained and available to business nationwide and effective failovers are in place
• Management reporting of company IT risks for report-out at the Board Audit & Risk Committee
• Company Data Privacy Officer

Qualifications:

• IT Bachelor’s degree, diploma or equivalent desired
• Certification in risk, information systems and security desired (CISM, CEH, CISSP)
• 5+ years management experience
• 10+ years of experience in IT security, cyber security, disaster recovery, governance, risk and business continuity planning

Skills & Experience

• Strong knowledge of core IT infrastructure, applications, business processes and technology supplier community
• Experience in security management, security and network architecture and/or design
• Experience in implementing and maintaining IT security processes
• Strong skills and knowledge in data privacy, best practices such as; defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption
• Strong communication skills
• Experience in IT Governance monitoring and reporting
• ISO 27000 - IT Security Standards and Tools
• IT Governance Framework - COBIT 
• POPIA and GDPR
• ITIL Foundation Certification

Application deadline:

• 28 August 2023