Specialist: Information Risk at Openserve

Responsible for the identification, measurement, control and minimisation of loss associated with uncertain risks throughout the ICT environment. The development, documentation, implementation and monitoring of an Information risk management framework including policies, standards, procedures, and security architecture to ensure delivery and awareness of sound Information Security management practices company wide, including compliance with national legislation and international standards. Researches and stays abreast of worldwide best practice and regulations. Provides expert advice and consultancy with respect to risk management practices and concerns within IT and business architectures, applications, changes, solutions and operational processes.
 

Competencies

KNOWLEDGE

• Information Risk Assessment & Management; Change Management & Change Risk; Security Standards, Policies & Practices; Information Risks within Systems & IT Architecture; Information Risks within People & Processes; Enterprise & Security Architecture; Operational Security Practices; Management Information Security Awareness; Analytical & Investigative; Communication & Interpretation; Decision Making; Problem Solving; Project & Task Management; Risk Awareness

COMPETENCIES

• Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership

Job Responsibilities

• Information Security Risk Management
•  Report on Enterprise Information Risk
•  Research, Identify and Assess Information threats to business (New and existing)
•  Project and Change Consultation and Assessment of Risk
•  Information Risk assessment, rating, management, and resolution
•  Represent Information Security in Governance and Business processes
•  Monitor, Assess and Report on Operational Security Assurance process
• Information Security Governance
•  Create/ Maintain/ Communicate Information Security Policies and Standards
•  Ensure Regulatory and Security Policy Compliance and Business Risk alignment
•  Manage Policy review, update and approvals process
•  Support Security Governance Forum and ISMS Processes
•  Maintain Information Security Strategy ensuring Business Strategy Alignment
•  Ensure Information Security Awareness of Policy and Business Risks
• Information Security Architecture
•  Ensure Enterprise Security Architecture aligns with business requirements and risks
•  Advise and recommend Technical Security direction in support of Enterprise Security Architecture
•  Define, Assess and Communicate Information Security elements within Business and IT Architecture
•  Information Security input to Business cases and projects
•  Ensure Information Security Architecture requirements are met within all systems and processes

Required Certification

• Mandatory certifications: Must have at least one of the following - CISM, CRISC CISSP, SABSA or ISO27001/2
• Additional desired certification: CoBIT, TOGAF, ITIL

Qualifications & Experience

• Relevant 3 year Degree or Diploma in IT or Information Security (at least NQF level 6). Minimum of 5 years experience in a IT, Network or Information Security role, of which at least 3 years must have been in an Information Security Risk Management or Information Security Governance role.

Special Requirements

•  Prepared to work all hours as required
•  Valid driver's license
•  No Criminal record