14 Mar '19
General Manager: Information Security Operations

Information Technology, Gauteng JHB - Western Suburbs

R R2m pa - R R2pa

The General Manager Information Security Operations is the head of IT security, driving the IT security strategy and implementation whilst protecting the business from security threats and cyber-hacking. Operational compliance to all ISO and other standards and regulations is a key responsibility. Will conduct continuous analysis of new security frameworks and industry best practices in order to i

Strategic Objectives

  • Ensure stakeholder management is incorporated properly as integral part of organisation wide risk management strategy and approach;
  • Support and participate in the strategic planning of company and implement those plans in order to achieve the strategic objectives and deliverables;
  • Ensure implementation of long-term strategy for the cyber security and alignment of all activities within company;
  • Engage with company stakeholders to produce value exchange that builds the relationship capital which is sufficient to facilitate the sustainable value creation for company
  • Develop, implement and execute the required stakeholder engagement plans based company business plan;
  • Provide company with insights into cyber security landscape and dynamics;
  • Render advice on the strategies, approaches and messages that will ensure maximum impact in the current cyber security environment.

 

Security Operations and Security Forensic Investigations

  • Full responsibility for the company adoption and implementation of the NIST Cyber Security Framework (Detect, Respond and Recover);
  • Assist the Information Security management team in order to define and implement the Cyber Security and Privacy Risk framework, policies and procedures;
  • Identify, evaluate and adopt an information model for Threat Intelligence to allow for threat intelligence to be aggregated, standardized and used in a uniform manner to understand risk and make informed cybersecurity decisions. E.g. Actor, Target, Effect, and Practice (ATEP) structure.

 

Collaborate with the Technology General Managers

  • Managing the daily operation and implementation of the IT security strategy;
  • Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement;
  • Running security audits and risk assessments;
  • Delivering new security technology approaches and implementing next generation solutions;
  • Overseeing the management of the IT security department, giving leadership to the team and developing staff;
  • Ensuring compliance and governance is met;
  • Driving change projects and building new IT capabilities;
  • Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced, or a security breach occurs or in the event of the disaster recovery plan needs to be triggered;
  • Protecting the intellectual property of the organisation at all times;
  • Devising strategies and implementing IT solutions to minimise the risk of cyber-attacks;
  • Reviewing, analysing and delivering data information;
  • Communicating digital programmes and strategy to a range of stakeholders;
  • Managing the IT security budget and communicating this with the appropriate parties;
  • Reporting to the Executive team and being an active member of the senior management team;
  • Security Program Management and the General Manager Information Security Architecture and Technical Excellence to define the cyber defence plan and drive the execution;
  • Develop Cyber awareness training for ops team (& Service desk) including Incident training;
  • Fully responsible for defining vulnerability and incident management processes and procedures; 
  • Develop and implement processes for preventing, detecting, identifying, analysing and responding to information security incidents;
  • Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk;
  • Ensure that industry best standards and security threats are continuously updated to ensure a best in class security operations function.  

 

Budgets

  • Manage divisional budgets in line with business objectives and facilitate forecasting;
  • Manage project initiative budgets in line with business objectives; and
  • Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers.

 

Operational Delivery

  • Works with business risk management and with other risk management/assurance functions to identify security requirements, security architecture and security Governance Risk and Compliance for the Opco, using various method such as risk and business impact assessments;
  • Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance;
  • Research and assess new threats, security alerts and indicators of compromise and recommends appropriate actions;
  • Ensure and develop holistic Security Operations Centre KPI’s and manage achievement thereof;
  • Lead the conduct of security control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommends remedial action;
  • Directly responsible for facilitating information security risk assessments in OPCOs to ensure threats are managed;
  • Identify emerging information security trends in the telecom industry and engage the company stakeholders to ensure that threats are managed;
  • Prepares system security reports by collecting, analysing, and summarizing data and trends.

Requirements:

Education:

4 year Engineering/ Information Science Degree, Masters in Information Science is preferred.

Experience:

  • At least 8 years of relevant work experience in Information Technology (specifically security);
  • 2-3 years of experience at the Senior Management level in the telecom industry;
  • 2-3 years working experience in managing information security in a large organisation;
  • Experience in managing and implementing large scale information security projects;
  • Experience working across the country and have a grasp of infrastructure and integrity challenges;
  • Advanced working understanding of the information technology environment of a telecom company;
  • Fluent in English;
  • Multi-country operations oversight experience.

Training:

  • CISSP certification;
  • Other preferred certifications are: CISA, CISM, CBCP, ISO 27001 Lead Auditor or Lead Implementer.

 

Should you not receive a response within 10 working days, please consider your application as unsuccessful

 

 

Ad Visible Until: 13 April 2019
Ref: PTA000617/EO

Vacancy Type: Permanent