Senior Specialist, Cyber Security at Exxaro Resources

PURPOSE:

• To lead and oversee the development, implementation, and management of robust cybersecurity strategies to safeguard our organization's digital assets.
• You will play a critical role in identifying and mitigating potential cyber threats, ensuring the integrity, confidentiality, and availability of our information systems.
• Additionally, you will provide expert guidance to cross-functional teams, stay abreast of emerging threats and technologies, and contribute to the continuous improvement of our cybersecurity posture.

MAJOR CHALLENGES:

• Staying ahead of constantly evolving cyber threats, including sophisticated malware, ransomware, and advanced persistent threats, to proactively implement security measures.
• Navigating the complexity of diverse technology stacks, cloud environments, and interconnected systems, ensuring security controls are effectively implemented across the organisation.
• Enhancing incident response plans, ensuring a swift and effective response to cybersecurity incidents, and lead efforts to recover from security breaches with minimal impact.
• Staying current with industry regulations, legal requirements, and compliance standards, ensuring the organisation's cybersecurity practices align with applicable laws and regulations.
• Addressing the human factor in cybersecurity by developing and implementing comprehensive training programs to educate employees on security best practices, minimizing the risk of social engineering attacks.
• Fostering effective collaboration with cross-functional teams, management, and external partners, communicating complex cybersecurity concepts in a clear and understandable manner to different stakeholders.
• Staying informed about emerging technologies such as IoT, AI, and blockchain, and assess their impact on cybersecurity, integrating appropriate security measures as the organisation adopts new technologies.
• Implementing and managing a comprehensive vulnerability management program to identify, assess, and remediate vulnerabilities in a timely manner, reducing the organisation's exposure to potential threats.
• Staying abreast of the latest cybersecurity trends, tools, and techniques, and continuously develop your skills to adapt to the dynamic nature of the cybersecurity landscape.

Minimum Requirements
QUALIFICATIONS:

•  Bachelor of Information Technology (Essential/Minimum)
•  Certificate in Cybersecurity Professiona (Essential/Minimum)
•  Certificate CISA Information Systems Aud (Recommended/Desirable)
•  B Degree (Hons) (Relevant) (Recommended/Desirable)

EXPERIENCE: 

8-10 years Proven experience in developing and implementing cyber security strategies. In-depth knowledge of cybersecurity principles, technologies, and best practices. Hands-on experience with security tools and technologies, including firewalls, intrusion detection/prevention systems, antivirus software, etc Strong understanding of networking protocols, operating systems, and cloud environments. Experience in developing and implementing cybersecurity policies and procedures.

Demonstrated leadership skills with experience in leading and managing cybersecurity projects. Ability to collaborate with cross-functional teams.

Experience in developing and executing incident response plans. Ability to handle and manage cybersecurity incidents, minimizing the impact on the organisation. Familiarity with applicable regulation and frameworks e.g., POPIA, GDPR, ISO27001, NIST etc.  (Essential/Minimum)    Management

REQUIREMENTS: 

•  Psychometric Assessment (Essential/Minimum)
•  Certificate of Fitness (Essential/Minimum)
•  Certified Ethical Hacker (Practical) (Essential/Minimum)
•  Information Security Certification (Essential/Minimum or)
•  Cert Information Systems Security Profes (Essential/Minimum)
•  Member of Professional Body (Recommended/Desirable)

Duties & Responsibilities
Budget and Resource Allocations    

•  Collaborate with line manager to develop and manage the security budget.
•  Assess the resource requirements for cybersecurity initiatives, including personnel, technology, and training.
•  Allocate resources based on the identified priorities and risks

Continuous Individual Development    

•  Conduct research and keep abreast of Information Technology risk, industry trends and legislative and regulatory landscape
•  Develop leadership capacity across the business in managing Information Technology risk
•  Understand Information Technology value chain to understand the eminent risks with new developments
•  Identify opportunities from audits and other assurance functions to enhance compliance and governance

Functional Excellence    

• Maintain a high level of technical proficiency in cybersecurity tools, techniques, and methodologies. Serve as a subject matter expert on cybersecurity matters within the organisation.

Governance Risk and Compliance    

•  Ensure compliance to IM Governance Framework, Policies and Procedures
•  Strong understanding of risk management principles and experience in assessing and mitigating risks within complex IT/OT environments.
•  In-depth knowledge of relevant cybersecurity laws, regulations, and compliance standards. Experience in ensuring organisational compliance with applicable regulations.
•  As required, support and actively contribute to all combined assurance efforts including, amongst others, internal and external audits, governance, legal, risk, compliance, and supply chain management processes

People Management    

•  Provide strong leadership to the cyber security team including managed services partners.
•  Manage performance of managed services partner
•  Ensure clear communication of individual, functional and business targets and objectives and drive performance towards their fulfilment

Project Management    

•  Assess the resource requirements for cybersecurity initiatives, including personnel, technology, and training.
•  Allocate resources based on the identified priorities and risks

Safe and Healthy Work Environment    

•  Maintain and ensure a healthy environment, safe operations practices, ensuring compliance with all applicable Safety Health and Environmental policies and procedures in line with set standards.
•  Encourage a culture that focuses on safety in all areas and operations

Strategy Planning    

•  Contribute to establishing clear and measurable cybersecurity goals that align with overall business objectives.
•  Prioritise risk based on their potential impact and likelihood of occurrence. Define key performance indicators (KPIs) to track effectiveness of cybersecurity initiatives.

Systems and technology    

•  Demonstrated expertise in a wide range of cybersecurity technologies, tools, and platforms, including but not limited to firewalls, intrusion detection/- prevention systems, antivirus solutions, encryption, and SIEM.

Vendor Management and Strategic Partnerships    

•  Regularly conduct security audits and assessments of vendor systems and processes to ensure ongoing compliance with security standards.
•  Collaborate with vendors to address security issues promptly.
•  Implement continuous monitoring mechanisms to track the security posture of vendors throughout the partnership

Behavioural Alignment    
Demonstrates the following:

•  Creativity, collaboration, sociable and awareness to the ecosystem
•  Stewardship, accountability, ability to develop trust, safety conscious and ethical
•  Ability to respond quickly to business needs/agility, flexibility, continuous learning, innovation and proven ability to experiment on creative business solutions
•  Ability to be inclusive, eagerness for multiple skills, embraces multiple cultures, accepts different approaches and be human-centric/empathetic
•  Results oriented, quality driven, excellence, entrepreneurial abilities, efficient and effective