Information Security Officer - Cape Town

Salary Negotiable, Cape Town, Western Cape
19-08-2021 10:44:37 AM, 14-10-2021 10:44:37 AM
Information Security Officer needed in Cape Town to lead a critical team overseeing, executing, and analysing required security controls and governance mechanisms with regard to the company’s PCI-DSS, PCI P2PE and compliance activities (e.g., policies, standards, frameworks). The candidate will be a seasoned professional in the payments industry who can enhance, mold, and develop the division further. They will be required to work well under pressure and adhere to tight deadlines, including chairing senior client meetings for all related areas of this specialised role.

Requirements
• IT related Diploma/Degree (3 years)
• Systems Security Certified Practitioner (SSCP)
• Extensive working knowledge of security related legal and regulatory requirements specifically PCI-DSS and PCI P2PE
• Payment processing experience
• IT Corporate Governance Principles
• Security risk management experience
• Advanced Microsoft Office skills
• Excellent communication skills both written and verbal

Job Description:
• Develop, implement, test, and review the organisation's information security to protect information/data and prevent unauthorized access to it.
• Develop, establish, and maintain standards, procedures and guidelines to promote the security of computer-based application systems.
• Develop and maintain information and data classification guidelines, standards, and procedures.
• Identify and address exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information loss to the organisation.
• Be responsible for the protection of the electronic data processed by or stored by the organisation.
• Maintain reporting line of employees: Performance; time management; integrity; quality of work; communication; escalations.
• Extensive working experience of PCI-DSS with experience in undertaking annual Audits and revalidations.
• Extensive working experience of PCI-P2PE with experience in submissions and revalidations.

Accountabilities:
• Product owner for PCI DSS and PCI P2PE.
• Manage the information security function in accordance with the established policies and guidelines.
• Function as an internal consulting resource on information security issues.
• Manage the information security risk assessment program.
• Review compliance with the information security policy and associated procedures.
• Coordinate information security efforts with all departments.
• Stay current with changes in security risks, threats, and requirements.
• Coordinate security orientation and security awareness programs.
• Co-ordinate and review the results of periodic internal and external penetration tests and ensure that timeous mitigating and corrective action is taken, as appropriate.
• Co-ordinate and review the results of periodic internal and external vulnerability scans and ensure that timeous mitigating and corrective action is taken, as appropriate.
• Additionally, the ISM reviews systems to identify potential security weaknesses, recommends improvements to amend vulnerabilities, implements changes and documents upgrades.
• Perform information security risk analysis and periodic information system activity reviews for information security processes.
• Key management and ensuring associated security controls are adhered to.
• Monitor changes in legislation and accreditation standards that affect information security.
• Monitor and control specific security improvement projects.
• Monitor Business-As-Usual evidence and controls.
• Perform security reviews of offsite storage locations, logical and user access management and reviews.
• Perform internal audits as well as co-ordinate security audits.
• Co-ordinate and manage compliance and security external audits.
• Co-ordinate and review key management functions, processes, and audits.
• Any task specifically related to information security not specifically defined above.