Snr Spec: IS Operations at Liberty Group South Africa

Purpose

To build an Information Technology cyber-security and security testing capability in order to improve the Information Technology Security capability maturity. This includes developing a strategy and delivery of various control improvements, incident response planning and leadership of the cyber-security and penetration testing team.

Minimum Qualification

• Degree Management practices,
• CISSP (Certified Information Systems Security Professional),
• CISM (Certified Information Security Manager)

Minimum Experience

• 8 - 10 years' experience in a similar environment, of which 3 - 4 years at management level

Key Responsibilities

Establish an IT cyber-security strategy and proactively identify cyber-security threats

• Develop a cyber-security strategy for the Liberty Group.
• Develop threat models for all critical technologies (application and supporting infrastructure).
• Support the CISO with cyber-security input into the IT Security investment plans.
• Develop cyber-security business cases to secure the budget for improvements in the cyber-security maturity.

Coordinate cyber-security incident management, response and recovery for IT

• Develop incident response plans (aligned with the CSOC) and recovery processes for specific cyber-security events, linked to a reliable industry source (SANS Top 10,etc.).
• Coordinate the IT recovery process post a cyber-security incident.
• Secure the requisite IT resources and ensure that recovery efforts receive appropriate focus and priority.
• Write the IT Security incident report and share with the IT community, with emphasis on root cause and lessons learnt.
• Ensure that remediation work is undertaken in line with findings and is coordinated and tracked.

Effective stakeholder management

• Build effective working relationships with the line of business IT Security functions
• Have effective working relationships with Enterprise Technology Architecture to ensure that security roadmaps are aligned
• Become the service provider of choice and reduce the use of external consultants to absolute necessity, not preference
• Have effective relationships with the CSOC and FCC teams to be able to assist with technical expertise in the course of an investigation or IT Security incident
• Have effective relationships with the vendor community to be able to co-source the best skills on short notice to complement the team
• Have a strong relationship with the web development teams and ensure that secure development practices are adopted

Management of People

• Manage the Headcount and Budget for your business area/ department and ensure you remain within your allocated numbers for the year in collaboration with your Head, Finance and Human Capital Business Partner.
• Ensures the effective selection of staff by matching the skills and competencies to the requirements of the job, by following the recruitment policies and procedures. 
• Ensures skills assessments and competency-based training takes place as and when required.