Security Compliance Officer - Cape Town

Salary Negotiable
Cape Town, Western Cape
16-05-2015 2:37:54 PM
13-06-2015 2:37:54 PM
The Job

To assist in the production, implementation and development of systems, processes and procedures by which the Company can demonstrate compliance with required internal policies and external standards, legislation and regulations.

Auditing all business activities
• Identify areas to be audited and type of audit required
• Review policies prior to audits
• Interview employees
• Interrogate systems for evidence and accuracy
• Collect evidence on current practices and results
• Analyse findings and identify risks and non-compliances
• Provide feedback on findings to relevant management via a clear and constructive written report, with recommendations where they can be made
• Assist in the production of action plans, ensuring responsibilities and deadlines for actions are assigned
• Track and report on progress of actions

Creating & maintaining risk treatment plans

• Ensure that all central administration is complete and ready for assessment at agreed intervals, including:
  • Audit schedules
  • Audit reviews
  • Audit reports
• Ensure that all identified risks and risk events are processed accurately and effectively and incorporated into the central database for regular analysis

Identifying & evaluating information security risks

• Through auditing and investigations, be able to identify information security risks (in terms of confidentiality, availability, integrity and suitability)
• Communicate with relevant personnel at all levels in the business to ensure that appropriate risk treatments are put in place.
• Support the business in selecting controls which will be a part of the company’s risk treatment plan
• Verify that the controls are in place and are effective and appropriate

Acting as an Information Security Advisor

• Respond to requests from the business for information and/or guidance regarding information security standards, policies and processes
• Provide input into new business proposals, business tenders etc.

Levels of Communication

• Deliver briefs and presentations as required internally
• Assist in the development and delivery of Information Security Training
• Drive information security committee meetings and forums with the correct audience

Competencies required

• Communication
• Effectiveness
• Corporate Awareness
• Interpersonal skills
• Problem Solving
• Planning & Organising
• Strategic Implementations

Skills & Attributes

• Analytical
• Organised and structured approach to working
• Strong communication skills, both written and spoken, to all levels of the business and external consultants
• Ability to work well with external consultants and bodies
• Ability to learn new things quickly
• Able to develop, document and implement new processes, procedures and policies by following the correct sign-off process
• Able to devise project plans and work to them
• Able to deliver presentations, briefs and training sessions to all levels of the business
• Able to build relationships at all levels of management within the business
• Able to be objective and logical in all communication methods and analysis of problems and in identifying root causes

Experience

• Matric/Equivalent
• Degree/equivalent preferred
• IT qualifications advantageous
• 3 years’ experience of working within Information Security Compliance
• Experience of conducting risk assessments
• Experience of running risk management programmes and managing risk treatment programmes
• Experience of conducting internal audits
• Experience of managing compliance
• Experience of managing PCI compliance
• Experience of working within the call centre industry preferable