Manager: ICT Security and Governance at National Home Builders Registration Council (NHBRC

The Individual will primarily be responsible for, but not limited to the following:

• Develop and implement a comprehensive ICT security strategy aligned with organizational goals.
• Oversee the deployment and management of cybersecurity technologies, including firewalls, intrusion detection/prevention systems, endpoint protection, and SIEM solutions.
• Identify, assess, and mitigate cybersecurity threats and vulnerabilities.
• Establish and enforce ICT security policies, standards, and procedures.
• Manage and test disaster recovery (DR) and business continuity plans (BCP) to ensure resilience against cyber incidents.
• Develop and implement ICT governance frameworks, policies, and processes in alignment with industry best practices (e.g., COBIT, ITIL).
• Ensure the organization complies with applicable laws, regulations, and standards, such as ISO 27001, POPIA, GDPR, or other relevant frameworks.
• Collaborate with business units to align ICT governance with corporate governance and strategic objectives.
• Provide strategic oversight and leadership to the Project Management Office (PMO) to ensure the efficient execution of all ICT projects in alignment with established project management methodologies, standards, and best practices.
• Conduct regular audits and reviews of ICT systems, processes, and compliance adherence.
• Establish a risk management framework to identify, analyze, and address ICT security and governance risks.
• Monitor and report on ICT risks, incidents, and mitigation measures to senior management and the board.
• Lead the development of security awareness training programs for employees to minimize human risks.
• Collaborate with Audit, Risk, Governance and Compliance functions in respect of monitoring and implementing compliance processes
• Lead and mentor the ICT Security and Governance team, fostering a culture of accountability, innovation, and excellence.
• Manage relationships with external vendors and partners, ensuring the delivery of security services and solutions within agreed SLAs.
• Drive collaboration with other departments to ensure security and governance are embedded in all ICT initiatives.
• Establish security monitoring tools and processes to proactively detect and respond to incidents.
• Provide regular reports on ICT security, compliance, and governance metrics to stakeholders.
• Ensure effective incident response plans are in place and lead investigations into significant security breaches.
• Stay informed of emerging cybersecurity threats, trends, and technologies.
• Recommend and implement innovative solutions to enhance the organization’s ICT security posture and governance capabilities.
• Responsible for functional budget and overall financial management of the ICT security and governance Section
• Manage ICT security and governance Service Level Agreements (SLA) with service providers
• Ensure cost optimisation measures are in place within the Section
• Implement and effectively manage the approved budgets, procurement plans, report variances, and monitor the implementation of remedial actions to minimise impact
• Build client relations by demonstrating professionalism, appropriate self-confidence, a facilitative communication style, and constructive response to client needs
• Maintain positive interpersonal relationships with team members and others by demonstrating productivity, initiative and flexibility
• Educate management on ICT security and governance concepts by using internal control frameworks and other leading practices to design adequate and effective internal controls
• Establish and maintain lines of communication and systems of reporting within the organisation
• Make presentation on ICT security and governance activities within the NHBRC

MINIMUM REQUIREMENTS:

• Bachelor’s degree in Computer science, Information Security or Information Technology
• Minimum of 5 years of experience in management of Enterprise ICT security environment.

At least one of the following:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager).
• CRISC (Certified in Risk and Information Systems Control).
• CEH (Certified Ethical Hacker)
• ISO 27001 certification.
• Proven experience in implementing security frameworks, policies, and ICT governance best practices.
• Deep knowledge of cybersecurity technologies (e.g., SIEM, endpoint protection, firewalls, and threat intelligence platforms).
• Proficiency in ICT governance frameworks such as COBIT, ITIL, and ISO 27001.