Access Governance, IT and Security Governance, Data Privacy
Systems Risk Management and ICT Compliance Management
Security Intelligence
Security Threat and Risk Analytics
Access Governance
Threat and Vulnerability Assessment
Security Information and Event Management
Security Architecture, Strategy and Operating Models
Responsibilities:
Responsible for the management of the cyber information security operation.
Evaluates and matures cybersecurity procedures and capabilities, enhancing the operating and flow methods of the function.
Leads community consciousness, change and communication projects, and ensures that there is an effective staff training programme to enhance the organisation's security culture.
Reviews metrics and reporting for financial and risk management.
Prevents significant reputational, financial or other loss to the organisation through the efficient and effective application of cyber information security expertise.
Leads a global approach to adopting cybersecurity best practices through effective collaboration with technical, business and industry forums.
To address the risk management of the cybersecurity environment and the definition and maintenance of cybersecurity policy, and to contain the organisation's cybersecurity risk profile within acceptable parameters, thereby achieving the group's risk appetite and enabling the statutory risk management responsibilities of the company and the Board.
Definition, creation and socialisation of long-term strategic direction and broad strategic frameworks and targets to deliver shareholder value for the company.
Ensure that there are appropriate structures, processes, policies, standards, governance and controls in place for effectively managing cybersecurity, and hold stakeholders to account.
Determine and procure the requisite budget required to deliver the cybersecurity strategy and manage costs / expenses within approved budget to achieve cost efficiencies.
To provide all the relevant stakeholders with the assurance that the identification, management and treatment of cybersecurity risks within the organisation's systems are being effectively addressed to minimise operational losses, customer impact, service disruption, regulatory and reputational impact.
From time to time, provide training, reporting and other ad-hoc responses to specific requests to company Board and governance committees.
To give direction to the introduction of cybersecurity across the company and to ensure that effective systems are in place to support policy requirements by providing business units with an information security consultancy service.
To liaise and participate at a high level in the IT architecture board and IT Exco and to get involved in the Systems Development Life Cycle of IT systems at an early stage to incorporate information security as an integral part of the system.
Represent the company at regulatory and key industry cybersecurity bodies and play a pivotal role in advancing industry position and direction on key issues without prejudice to the company.
To manage the cybersecurity environment within the company with regard to areas that the organisation manages on behalf of segments, supported by Service Level Agreements.
Provide access control mechanisms and participate in the management of company access control to systems through a system that performs authentication, authorisation, confidentiality, integrity and availability of data and resources, ensuring that the company is adequately protected against loss of confidentiality, integrity and availability of information.
To ensure that a cybersecurity framework exists for the company and to ensure that Information Security Services has a mandate from executive management to perform its duties.
Ensure that cybersecurity products, both hardware and software, fully support the security strategy and policies of the company.
To manage the cybersecurity investigations and security breaches in the company and assist with group investigations into fraud-related matters.
Monitor access controls and security violations in the mainframe and midrange environment by monitoring data leakage at gateway and endpoint, ensure that data is secured, and monitor system logs to identify potential threats and for use in investigations.
To identify, define and maintain the cybersecurity policy and baseline standards for the company and to implement group information security policies across the company that will determine that the necessary standards and procedures exist to support the policy, and to ensure that all information security risks are minimised and controlled in a manner which satisfies the statutory, business and risk management requirements of the company.
To create a cybersecurity risk awareness program for the company and to ensure that staff are aware of cybersecurity risks and carry out monitoring programs in all areas to identify vulnerabilities, non-compliance and poor performance against base lines by participating.
Implementing control mechanisms which enable I&SS to have a view of the status of cybersecurity.
To develop and implement a cybersecurity strategy and ensure that both hardware and software fully support the cybersecurity strategy and policies.
Further ensure that the strategy is implemented via action plans supported by operational plans which support statutory, business and risk requirements.
Ensure regular groupwide collaboration with the segments' and subsidiaries' respective cybersecurity leads in building the strategy and plans for cybersecurity.
Execute the Business Unit people strategy that nurtures talent and embraces the values, culture and philosophy of entrepreneurship, accountability and innovation in order to meet current and future business needs.
Hold direct reports accountable for the implementation of Leadership Strategy that drives behaviour towards high performance through succession planning, coaching and competency development.