Senior Manager Information Sercurity - Cape Town
Salary Negotiable
Cape Town,
Western Cape
more than 14 days ago
Position: Senior Manager in Information Security: Market-related Salary in Cape Town
This company is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption.
The company serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries. With headquartered in New York, the company has approximately 25,000 professionals in locations worldwide.
The company’s offices are centrally located in the heart of Cape Town.
Minimum requirements:
Minimum Graduation (Science and Engineering Background Only)
One or more of the following certifications: CISSP / CISA / CISM / ISMS Lead Auditor
Total Experience: 7-9 years
4-6 Years of experience in the field of security consulting and / or security audits for large corporate/BPO with multiple sites. Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc
Risk Management experience in either:
Implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on:
COBIT or GCC (general computer controls) for SOX404 compliance
SAS 70 Audit requirements
· Strong domain understanding of offshore technology sectors and / or business operations
· Capable of managing project tasks individually and as a team
· Ability to document and explain technical details in a concise & understandable manner
· Excellent client relationship management skills
· Excellent oral and written communication skills
· Excellent Presentation & Public speaking skills
Primary Responsibility:
Ensuring implementation and compliance to EXL’s information security policies (ISO27001), associated regulations and standards
Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Performance Parameters:
Maturity of Information Security at EXL
Compliance to Information Security policies, standards and processes
Security incident management
Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)
Role Responsibilities:
Serve as internal information security consultant to the organization. Responsible for security planning and effectively managing information security risks within the operating environment
Define information security policies, standards and processes for the organization
Implement, manage and report on adherence to information security policies & standards
Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability analysis, risk identification and review / approve security plans
Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes
Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams
Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes
Initiate, facilitate, and promote activities to create information security awareness within the organization
Primary Internal Interactions:
Technology Group
DRP / BCP teams
Corporate functions viz, Internal Audit, HR, Facilities, Finance, Legal, etc
Primary External Interactions:
Client / Client Auditors
Security product and service vendors
This company is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption.
The company serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries. With headquartered in New York, the company has approximately 25,000 professionals in locations worldwide.
The company’s offices are centrally located in the heart of Cape Town.
Minimum requirements:
Minimum Graduation (Science and Engineering Background Only)
One or more of the following certifications: CISSP / CISA / CISM / ISMS Lead Auditor
Total Experience: 7-9 years
4-6 Years of experience in the field of security consulting and / or security audits for large corporate/BPO with multiple sites. Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc
Risk Management experience in either:
Implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on:
COBIT or GCC (general computer controls) for SOX404 compliance
SAS 70 Audit requirements
· Strong domain understanding of offshore technology sectors and / or business operations
· Capable of managing project tasks individually and as a team
· Ability to document and explain technical details in a concise & understandable manner
· Excellent client relationship management skills
· Excellent oral and written communication skills
· Excellent Presentation & Public speaking skills
Primary Responsibility:
Ensuring implementation and compliance to EXL’s information security policies (ISO27001), associated regulations and standards
Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Performance Parameters:
Maturity of Information Security at EXL
Compliance to Information Security policies, standards and processes
Security incident management
Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)
Role Responsibilities:
Serve as internal information security consultant to the organization. Responsible for security planning and effectively managing information security risks within the operating environment
Define information security policies, standards and processes for the organization
Implement, manage and report on adherence to information security policies & standards
Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability analysis, risk identification and review / approve security plans
Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes
Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams
Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes
Initiate, facilitate, and promote activities to create information security awareness within the organization
Primary Internal Interactions:
Technology Group
DRP / BCP teams
Corporate functions viz, Internal Audit, HR, Facilities, Finance, Legal, etc
Primary External Interactions:
Client / Client Auditors
Security product and service vendors
Recruiter: Black Pen Recruitment