Risk Management and Business Continuity - Cape Town

Location: Century City, Cape Town

About the job:
Work with Information security team to ensure that information security standards and controls have been identified, implemented and adhered to for the location. Carry out risk assessment, conducting internal information security audits and driving information security awareness. Act as the Business Continuity Management site lead for the respective operating location. The role involves delivering on the contractual commitments of clients from a Business Continuity perspective and drive the Business Continuity Program at a site level. On an Adhoc basis, the person would be responsible for crisis management at the site level liaising with the local leadership at the delivery location in managing, engaging and communicating with key stakeholders, both internal and external

Duties Include:
• Carry out all ISMS activities to ensure maintenance of ISO 27001:2005, PCI-DSS certifications at respective locations
• Ensure client’s information security requirements are effectively addressed
• Assist Information Security Manager / CISO in overseeing compliance activities relating to information security and privacy

• Front ending consulting and service delivery of Business Continuity Management Program for the clients in respective location
• Delivering on the contractual commitments for the clients who opt for BCM program and initiatives
• Acting as the central coordinator for actual / potentially disruptive incidents at the location and follow laid protocol of Incident Management
• Drive closure to all annual BCM activities at a Site Level with timely reporting
• Assisting the Head of BCP with client management / business development related Pre-Sales activities

• Conducting risk assessment (‘RA’) exercises
• Managing the Information security management system lifecycle for ISO27001 standard
• Conducting PCI-DSS related activities
• Conduct internal information security audits at periodic intervals
• Participate in client’s audits and information security implementation exercises
• Driving information security awareness to ensure employees are aware of their responsibilities toward information security

• Completion and revision of Business Impact Analysis (‘BIA’) exercises for AVIVA at the transition stage
• Conducting risk assessment (‘RA’) exercises for the operating location on a periodic basis
• Creating business continuity strategies for clients (per contractual commitments or on basis of client / internal requests)
• Creating / ensuring updates to business continuity plans (by liaising with appropriate personnel from operations and other enabling units)
• Drive closure to all annual BCM activities at a Site Level with timely reporting to the clients
• Conducting periodic training sessions and awareness audits for key participants in the recovery process
- Emergency Awareness Training
- Fire Drills
• Conducting periodic testing exercises as per testing calendars (developed internally or as agreed with clients)
- Review and update of all business continuity plans
- Communication Cascade Test
- Work Area Recovery Test

• Experience in implementing information security (BS7799 / ISO27001:2005) – minimum 2 years
• Overall work experience – minimum 6 - 7 years
• 4 to 5 years’ experience in implementation and management of information security & Business Continuity Management programs
• Must be CISA certified
• Strong understanding of Information security concepts
• A good understanding of various information system technologies including: LAN / WAN, firewalls, enterprise Antivirus management systems, OS hardening guidelines etc.
• Proficiency in performing vulnerability assessment
• Good verbal communication and written documentation skills
• Good communication skills to interact with all levels of management
• Independent management of all Information security & BCM related activities with minimal supervision
• Degree in computer science preferable
• BPO experience preferable

What to include:
1. Detailed cv (Please include month and year employed)
2. Reason for leaving last employ
3. Current salary
4. Required salary
5. Motivational letter
6. Please indicate race for BEE purposes

The biggest job-related Twitter account in the world Best Business Blog Winner / SA Blog Awards 2013