Senior Manager: Cyber & Digital Security at Road Accident Fund

Purpose of the Job:

• Reporting to the Head: Technology and Digital, the successful incumbent is accountable for establishing and defining Information Security principles across the ICT environment in line with the international and local governance frameworks and legislation in order to ensure that the Information Security policies are executed and adhered to in carrying out ICT operations.

Key Performance Areas

Cyber Security

• Set strategy for sustained implementation of cyber strategy programmes.
• Ability to lead team through design and delivery of targeted, holistic and sustainable cyber security programmes. 

Execution of ICT Security Initiatives

• Partner with ICT Senior Management to integrate all ICT security and Cyber security plans with information and reporting and remediation requirement.

Security Architecture

• Drive the implementation of Security Architectural principles and Guidelines.
• Track the performance accountability of each of the departments.

Strategy Development and Operational Planning

• Guide the development and implementation of the department strategy and plan that ensure alignment with short-term and long-term objectives.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and ICT risk management programme.
• Guide implementation of the overall strategic plan for the department.
• Guide the implementation of specific key performance indicators and measures against outcomes detailed in the departmental strategic plans.
• Work in collaboration with Business Divisions and Business Units to facilitate risk assessment and risk management processes – specifically those which relate to Information Security.

Policy Review and Implementation

• Support the development and implementation of policy, procedures and processes for the business unit and ensure effective execution of policy and practices.
• Collaborate with appropriate structures to ensure effective execution of policy and practices.
• Ensure that all employees in the team know and understand the RAF Information Security policies.

People Management

• Ensure sourcing, development and retention of a high-performing team.
• Ensure the motivation, cohesiveness, and alignment of the organization’s team members.
• Manage staff in the department to ensure that they achieve their objectives in line with the strategic objectives of the RAF.

Financial Management

• Ensure that the periodic financial and strategic goals of RAF as well as the performance expectations of the various teams are achieved.
• Report and review operations financial and non-financial goals.
• Ensure sufficient internal control measures are implemented for adherence to PFMA, RAF and other relevant legislation and regulations.
• Manage, monitor and control the department expense budget.

Reporting.

• Gather and aggregate information on security compliance, monitoring and awareness areas.
• Establish, prepare and monitor financial reports on division’s operational programs:
• Identify the areas for optimizing and/or reducing expenses.
• Cost reduction via compliance simplification processes.
• Prepare periodic reports for senior management on compliance and awareness levels.
• Provide periodic risk assessment reports.

Stakeholder Management

• Maintain proactive and progressive relationships with key stakeholders.
• Engage with relevant internal stakeholders.
• Delegate inquiries and requests for information from both internal and external stakeholders.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Technology related qualification.
• Bachelor’s Degree/ Advanced Diploma in Information Technology or Computer Science related qualification.
• Postgraduate in Information Technology or Computer Science related qualification.
• Certification in CISSP/ CISA/ CISM/ COBIT will be an added advantage.
• PMP Certification will be an added advantage.
• Relevant 9 - 10 years’ experience in Information Security environment of which 3 years must have been on a management level in leading Information Security teams and ICT Risk management teams.

Technical and Behavioral Competencies Required

• Strategic capability.
• Business and financial acumen.
• Compliance and Governance.
• Client service orientation.
• Change management.
• Critical and innovative thinking.
• Policy conceptualization and formulation.
• Stakeholder development and management.
• Reporting.
• Knowledge of up-to-date Information Security Issues.
• Data Security Management.
• ICT Security Architecture.
• Secure Development.
• Secure Operations Management.
• Application Database and Security.
• Vulnerability Management.
• Knowledge of Project Management Skills.
• Relevant Legislation and regulation.
• Information Security Frameworks and Standards and Privacy Best Practices.
• ICT Risk and Audit Findings.
• ICT Governance Principles & tools.
• Knowledge of common Information Security Management Frameworks, such as ISO/ IEC 27001, NIST, and PCI/ DSS.