|Job title:|Information Security Management Systems Lead|
|Employment type:|Full Time|
|Experience:|6 to 8 years|
|Salary:|R400000 to R789000|
|Job published:|27 July 2020|
|Job reference no:|1296128144|
• A minimum of a B Degree in Computer Science / Information Technology / Computer Systems Engineering / Information Systems or a related field.
• CISM, CISA, ISO 27001 Lead Implementer, Lead Auditor
• A minimum of 6-8 years of experience in Information Security or related ICT environment and Professional Certification in Information Security.
• Professional experience in running the Governance, Risk and Compliance office applying frameworks to manage, measure and report risks.
• A good understanding of security and privacy regulations such as RICA, POPI, ECT Act, and corporate security policies and procedures.
• Strong understanding of security and auditing standards such as ISO 27001:2013
• Knowledge of various information security domains
• Practical experience of ISMS implementation
• Implement, maintain, monitor and ensure the effective operation of the Information Security Management System (ISMS) following guidelines from the ISO/IEC 27001:2013 standard for the PIC.
• Define and implement key processes and functions required to enable the ISMS in the PIC.
• Conduct interviews with relevant responsible and accountable personnel and scrutinise the relevant documentation to ensure that ISMS requirements are met.
• Conduct information security risk assessments and ensure that the risk remediation plans tie in with the design and implementation of ISMS controls.
• Manage and coordinate the risk register, risk exceptions, metrics, reporting and the management of identified information security risks and remediation action plans from all sources.
• Assist with preparation of information security documentation and executive level reports (e.g. Board, Audit, and Risk Committees).
• Assess and mitigate third-party vendor and information security compliance risks arising from current and changing business practices, systems, policies, regulations, and laws to ensure secure information handling and exchange processes.
• Planning and organising
• Complex problem solving
• Analytical skills
• Inductive and deductive reasoning
• Thinking creatively
• Judgement and decision making