Head of Security and Infrastructure - Stellenbosch Verfied

Salary Negotiable Stellenbosch, Western Cape Stellenbosch, Western Cape more than 14 days ago 03-06-2019 2:33:39 PM
29-07-2019 2:33:39 PM
Head of Security & Infrastructure
Stellebosch

The Head of Information Security is responsible for system, application & information security across the organisation. The role will also be responsible for all the shared infrastructure (servers) being deployed in the group, include all the OSS/BSS servers running at the various offices.

Reports to: National Manager – Systems
Key Responsibilities
• Leads the technical expertise and direction of the central infrastructure team.
• Leads the IT Risk assessment, penetration test, vulnerability scans, and social engineering.
• Responsible for all data security, system backups and disaster recovery procedures.
• Responsible for conducting monthly vulnerability scans and disaster recovery simulations; and communicating the critical results to management.
• Educates management & staff on security risk through reporting and presentations.
• Monitors Information Security industry trends and educates the organization of critical information.
• Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
• Leads the project initiatives to research, validate, and manage Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
• Defines the Information Security plan to resolve gaps identified from audits, risk assessments or vulnerability scans.
• Leads cyber security investigations providing summaries and recommendations to resolve the matter. Works closely with IT and project teams to ensure that new projects meet or exceed information security requirements.
• Achieves Information Security and operational objectives by developing and executing strategic plans which reduce risk to information assets.
• Protects information assets by developing security strategies, directing system access control, monitoring, and response.
• Implements regulatory requirements, industry standards, and best practices such as POPI, GDPR, etc ensuring the Information Security Program is held to the highest standard.
• Leads Information Security projects to align with organizational strategic objectives, goals, and risk tolerance.

Education and Experience Requirements:
• Degree in Computer Science, Information Technology or related field.
• At least 4 years of information security experience.
• At least 4 years of server administration experience.
• Experience with standards and best practices such as POPI, GDPR, SOC 2 compliance.
• Required demonstrated knowledge of information technology security trends and leading best practices.
• Minimum of 2 years’ experience directly leading infrastructure or security focused staff in a team environment.
• Experience and expertise in managing and administering infrastructure and data systems.
• Minimum of 3 years’ experience in at least five of the following: access control systems and methodology; business continuity and disaster recovery planning; risk, response, and recovery; network security architecture; security management practices; audit and monitoring; enterprise and IT risk assessments; incident response management.
• Demonstrable experience of managing complex disaster recovery plans & procedures.
• Demonstrable experience of drafting and introduction of data protection and disaster recovery policies.
Required Knowledge, Skills and Abilities:
• Requires working knowledge of ISP’s and its operations and procedures.
• Excellent time management skills and the ability to prioritize multiple initiatives and projects.
• Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
• Ability to operate at all levels of the organization.
• Excellent interpersonal skills including oral and written communications.
• Ability to manage change within the organization.
• Ability to maintain a high level of confidentiality.
• Technically proficient in IT and Information Security controls and concepts.
• Demonstrate flexibility and the ability to work in a team environment.
• Strong organizational and planning skills, resourcefulness, and creative problem solving skills.