Information Security Specialist

Job Title: Information Security Specialist
Location: Gauteng
Salary: 1107028.00
Reference: JN -032017-7923
Job Published: April 06, 2017 10:06

Job Description

Information Security Governance, Risk and Compliance Specialist

About the job:

We have a vacancy for an Information Security Governance, Risk and Compliance Specialist within the Information Security Office. The incumbent will direct, develop, implement and maintain a comprehensive business-wide information security governance, risk and compliance (GRC) strategy. This position is based in Pretoria.

Key responsibilities:
  • Ensure alignment of information security governance with our business objectives, the information security strategy and architecture;
  • Ensure compliance with applicable legislation and regulation, as interpreted for the business, and with the corporate risk appetite;
  • Lead, develop, manage and maintain the business-wide information security governance deliverables life-cycle including compliance measurement, deviations and exemptions;
  • Engage with the relevant units and functions to align deliverables with their requirements and business objectives;
  • Identify control deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement;
  • Interpret and manage the controls and capabilities required for the business to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s);
  • Develop, maintain and drive the business’s information asset inventory;
  • Develop, manage and implement the business-wide information security audit and assurance plans and schedules, including any specific business needs and requirements;
  • Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;
  • Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;
  • Participate in ICT controls and compliance testing activities and/or audits;
  • Lead, develop and maintain a comprehensive and effective business-wide information security risk, threat and vulnerability management capability that anticipates emerging threats and vulnerabilities, and assesses and reduces information security risk to within the corporate risk appetite;
  • Report information security risks in an appropriate way for different audiences;
  • Lead, drive and manage information security investigations and incident management;
  • Develop, manage and maintain an information security incident management capability;
  • Manage, plan, implement and monitor the business-wide information security awareness and training program;
  • Develop business-wide measurements to assess the effectiveness of this program, and drive continuous improvement;
  • Develop and implement unit specific or targeted awareness and training interventions based on business need, facilitate and/or provide information security awareness and training;
  • Manage information security staff, collaborate with key stakeholders, and provide consultancy and advisory services.

Qualifications, skills and experience:
  • A Bachelor’s degree in information technology/ systems, computer science, computer/ electronic engineering or related field with at least ten years’ information technology experience, of which six years must be in information security and three years in information security governance, risk and compliance;
  • A valid security clearance certificate, or willingness to undergo a clearance process; nothing should preclude the individual from obtaining security clearance;
  • Experience in interpreting and understanding an organisation’s technical and business environment;
  • Experience in developing the appropriate information security governance and compliance measures;
  • Experience in writing information security policies, standards, processes, procedures and guidelines;
  • Experience in creating a sustainable information security compliance capability;
  • Experience in managing and developing baseline information security configurations and experience with common industry guidelines (such as CIS);
  • Experience with presenting information security concepts and ideas in a non-technical business-friendly language appropriate to the target audience;
  • Experience in information security risk and incident management, business continuity, disaster recovery, auditing and conducting assessments;
  • Experience with implementing international information security standards and/or best practice such as the ISO 27000 series, NIST 800 series, COBIT;
  • Experience in a broad range of information security domains as well as technical experience in various information security technologies and their associated capabilities;
  • Experience in managing and mentoring human resources.