Job Description

Key Job Accountabilities: o Lead and oversee business risk and vulnerability assessments for the company's Information Systems and provide authoritative advice and guidance on security strategies to manage identified risks and ensure adoption, and adherence to, the company's Information Security Policies and Procedures. Support the Head of Information Security in developing and communicating Corporate Information Security Policies and Procedures o Carry out risk assessment of complex information systems and infrastructure components to identify threats to the confidentiality, integrity, availability, accountability, and relevant compliance of information systems. Contributes to classification of data types held and audits of information systems and contribute to data breach planning. o Review compliance to information security policies and standards, configuration assessment, adherence to legal and regulatory requirements, and recommend appropriate action. o Conduct risk, vulnerability and business impact assessments of business applications and computer installations and recommend appropriate action to management. o Investigate major breaches of security and recommend appropriate control improvements in accordance with established procedures including incident management procedures. o Contribute to development of information security policy, standards, and guidelines. o Provide authoritative advice and guidance on security strategies to manage identified risks and ensure adoption, and adherence to standards. o Deliver and contribute to the design and development of specialist IT security education and training to IT and system user management and staff. o Ensure that incidents are handled according to agreed procedures. o Investigate escalated incidents to responsible service owners and seeks resolution. o Regularly monitor the incidence, status, and speed of resolution of incidents. Analyze metrics and report on the performance of the incident management process. Qualifications: o Bachelor's degree in computer science/Engineering, Information Technology, Information Systems o 10 years' Information Security experience. o Conversant with relevant Information Security national and international standards. o Experience in accordance with relevant IT competency frameworks. o Good working knowledge of Information Security coupled with equivalent knowledge of the activities of those businesses and other organizations that employ IT. o Understanding of the principles and practices involved in development and maintenance of Information Security requirements. o Ability to assess and evaluate risk and the impact of legislation, and actively promotes compliance. o Possesses a good understanding of IT business applications. o Effective and persuasive in both written and oral communication.