Head of Security and Infrastructure - Stellenbosch
Leads the technical expertise and direction of the central infrastructure team.
Leads the IT Risk assessment, penetration test, vulnerability scans, and social engineering.
Responsible for all data security, system backups and disaster recovery procedures.
Responsible for conducting monthly vulnerability scans and disaster recovery simulations; and communicating the critical results to management.
Educates management & staff on security risk through reporting and presentations.
Monitors Information Security industry trends and educates the organization of critical information.
Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
Leads the project initiatives to research, validate, and manage Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
Defines the Information Security plan to resolve gaps identified from audits, risk assessments or vulnerability scans.
Leads cyber security investigations providing summaries and recommendations to resolve the matter. Works closely with IT and project teams to ensure that new projects meet or exceed information security requirements.
Achieves Information Security and operational objectives by developing and executing strategic plans which reduce risk to information assets.
Protects information assets by developing security strategies, directing system access control, monitoring, and response.
Implements regulatory requirements, industry standards, and best practices such as POPI, GDPR, etc ensuring the Information Security Program is held to the highest standard.
Leads Information Security projects to align with organizational strategic objectives, goals, and risk tolerance.
Degree in Computer Science, Information Technology or related field.
At least 4 years of information security experience.
At least 4 years of server administration experience.
Experience with standards and best practices such as POPI, GDPR, SOC 2 compliance.
Required demonstrated knowledge of information technology security trends and leading best practices.
Minimum of 2 years’ experience directly leading infrastructure or security focused staff in a team environment.
Experience and expertise in managing and administering infrastructure and data systems.
Minimum of 3 years’ experience in at least five of the following: access control systems and methodology; business continuity and disaster recovery planning; risk, response, and recovery; network security architecture; security management practices; audit and monitoring; enterprise and IT risk assessments; incident response management.
Demonstrable experience of managing complex disaster recovery plans & procedures.
Demonstrable experience of drafting and introduction of data protection and disaster recovery policies.
Requires working knowledge of ISP’s and its operations and procedures.
Excellent time management skills and the ability to prioritize multiple initiatives and projects.
Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
Ability to operate at all levels of the organization.
Excellent interpersonal skills including oral and written communications.
Ability to manage change within the organization.
Ability to maintain a high level of confidentiality.
Technically proficient in IT and Information Security controls and concepts.
Demonstrate flexibility and the ability to work in a team environment.
Strong organizational and planning skills, resourcefulness, and creative problem solving skills.