Principal Specialist Cyber Security GRC at Vodacom

Role purpose:

Defining Cyber Governance, Risk & Compliance to: 

• To lead the ongoing evaluation of security policies, and relevant standards and support the continuous improvement of the security governance program.
• To ensure that comprehensive Information Security Risk management programs are established.
• Ensure the alignment of Information Security Risk management with the enterprise risk management framework.
• To lead in the risk management of cyber security risks while collaborating with other departments to identify, recommend, develop, implement, and support a risk-informed decision and action framework.
• To provide Management with assurance covering controls across the Business environments that there are adequately designed and operating effectively.
• To support Management during audits as well as implement and track Management audit actions to closure. 
• Assist in the management and rollout of cyber-Training & Awareness initiatives.
• Provide Management with status update reports as well as insight reporting.

Your responsibilities will include:

• Take a proactive approach to ongoing evaluation of cyber security policies to ensure security policy adherence.
• Promote awareness of security policies, training, and the governance strategy amongst all levels of the organization to ensure sound security governance is reflected across the organization.
• Assess policy needs, train stakeholders in the policy lifecycle and communicate expectations, and collaborate with stakeholders from subject matter experts to senior leaders to develop and manage security content.
• Maintain and further develop the Cyber Risk Management Program.
• Actively manage risks on the Cyber Risk Register from intake to resolution.
• Communicate risk assessment findings with key stakeholders to develop and monitor risk remediation plans.
• Develop cyber risk portfolios to provide a more holistic view of teams’ risks.
• Conduct regular compliance assessments with the Business to ensure that current and emerging risks are being monitored and managed.
• Proactive Control design and implementation guidance provided to the Business.
• Process and Control Compliance Monitoring and Reporting.
• Cyber audit SPOC to the business with guidance on all audit submissions.
• Cyber audit report reviews and guidance to Management on the recommended actions.
• Tracking and monitoring of audit remediation action implementation.
• Deploying cyber security awareness training collateral with innovative approaches.
• Design of status reports as well as insight reporting as and when required by Management.
• Lead reporting development with the use of automation and reporting tools to generate Cyber Risk metrics, i.e. KPI, KRI’s, KGI’s (KSI).

Ideally you should possess the following:

• Matric/Grade 12 is essential. 
• Degree\Relevant tertiary qualification in Information technology and Minimum of 8 + years of experience in a Tech Security role where you meet business deliverables. 
• 8+ years experience in cyber governance, risk, controls, and compliance management in a technology environment.
• 8+ years experience in IT Audit and Assurance management in a Cyber or technology environment. 
• Knowledge of common information technology management/compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
• Knowledge of legal, regulatory, and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
• High-level understanding and Knowledge of Cloud Risk, Compliance, and Assurance.
• Proven experience managing and operating multiple security programs, projects, and initiatives.
• An ability to think strategically and drive change.
• A deep understanding of Tech Security risks and mitigating solutions.
• GSM Network Infrastructure.
• Diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.
• Security concepts related to DNS, routing, authentication, VPN, proxy services, and DDOS mitigation technologies.
• Windows, UNIX, and Linux operating systems.
• Web Security & Encryption.
• Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams.
• Ability to build and manage a highly motivated and innovative technical team.
• Ability to work under time and resource pressure.
• An ability and desire to communicate and work with a broad set of stakeholders.
• A customer-focused, responsive, and transparent attitude.
• Grasping technical concepts rapidly and the ability to articulate these concepts to technical and non-technical audiences.
• Skilled in communicating with all levels of management.

Desired:

• An industry certification e.g. ISO 27001 Lead practitioner, CGEIT, CRISC, CISA, CISM, and CISSP is strongly preferred.