PURPOSE OF POSITION
The Information security manager (ISM) is responsible for overall direction of all security functions associated with Information Technology applications, network communications (voice and data), and computing services within the enterprise. At the same time, the ISM must be aware of the implications of legislated requirements that affect security for the enterprise. The ISM has the responsibility for enterprise wide information security; he/she is also responsible for the physical security.
The ISM oversees and coordinates security efforts across the enterprise to identify security initiatives and standards. The information security manager will be support by various Cyber security outsourcing companies, who have the specialist skills, personnel and software that can assist with this function’s responsibilities.
The ISM reports to the COO
QUALIFICATION AND CERTIFICATION
- Bachelor's degree in Computer or information science; Preferably BSc
- CISM (Certified Information Security manager) or Certified Information System Security Professional (CISSP),
- Azure administration related certification and Office 365 administration certification required
EXPERIENCE AND TECHNICAL SKILLS
- 7+ years in information security, computer, information science, 1 year+ in Azure environment
- Cloud security (Mobile, Azure and M365)
- Encryption and key management
- Microsoft server infrastructure environment, some Lynx skills required
- Business continuity and high availability
- Identity and access management
- Malware analyses
- Incident management
- Managing of 3rd party service providers
- Penetration testing, Threat & Vulnerability Management
- Risk management and Analyses
- SIEM tools (Security information and event management)
- Governance, legal compliance and audit assurance
- Building and data centre security
- Attention to detail, analytical and diagnostic skills
- Creative thinking and Problem Solving
- Works well under pressure
- Ability to work in a team and independently
- Interpersonal skills
- Good communicator
- Deadline Driven
- Ability to implement policies
- Policy writing skills (will also be considered and can assist)
- Responsible for planning, motivating and managing the implementation of an appropriate security operational strategy for the organisation, providing an efficient and cost-effective service which meets the needs of the organisation;
- Responsible for providing operational information technology security and maintenance support to ensure that the organization’s infrastructure and systems are not compromised
- This operation support includes anti-virus logs, intrusion detection, server logs, key management as well as the delivery of and the content scanning of all internet mail incoming and outgoing, and all other data and voice communication flows…
- Reviews and fine-tunes intrusion detection/prevention system and firewall logs. Develops and implement s technologies to automate security monitoring.
- Responsible for developing, maintaining, updating and implementing appropriate incident response plans
- Ensures (in conjunction with the risk function, the IT infrastructure function and the IT development function) that adequate appropriate controls exist to minimize risk and that the controls will provide appropriate assurance to management.
- Conducts regular vulnerability assessments, penetration testing and risk assessments, and manages security audits and third parties conducting any of the aforementioned activities on behalf of the organisation.
- Manage the work and relationship of 3rd parties providing Security Operational Centre (SOC)
- Performs day-to-day operations, management and administration to protect the integrity, confidentiality and availability of information assets and technology infrastructures.
- Develops and implements new security solutions based on a wide variety of different technologies with 3rd parties vendors.
- Assists with investigations and coordinates the handling and resolution of security incidents, including coordination of third parties such as law enforcement and relevant industry bodies and regulators.
- Provides analytical and technical support to IT and Development team members and other business areas.
- Creates security baseline documents, policies and standards.
- Develop initiatives or alternatives to mitigate information security risk within budget constraints
- Responsible for data protection and privacy
- Assist and responsible with IT operations to set up a shared disaster recovery/business continuity plan
- Responsible for security awareness and to educate employees on how to identify suspicious activity
- Can be part a project member or manage projects to implemented Information security and other related projects