Main Purpose of the Job:
We are seeking a skilled and experienced Information Security Manager (ISM) to oversee and manage the overall planning, implementation, and management of the organisation’s information security strategies. The ideal candidate will be responsible for ensuring the integrity, confidentiality, and availability of all information assets across the organisation. This role will require collaboration with governance and risk teams, participation in security compliance forums, and the development of security frameworks to protect against emerging security threats.

Key Responsibilities:

• Strategy & Governance: Lead the development and execution of the organisation’s information security strategy, ensuring alignment with overall business goals. Work closely with stakeholders to define and implement security policies, standards, and procedures.

• Information Security Roadmap: Design and implement information security roadmaps and provide high-level guidance to ensure successful execution. Regularly review and update strategies to adapt to changing security landscapes.

• Security Risk Management: Define and implement methodologies for information risk assessments, including risk identification, evaluation, and mitigation strategies. Work with governance and risk teams to address all risk management requirements.

• Budget & Resource Management: Collaborate with other security roles to construct and manage the security budget. Ensure that necessary resources are allocated to meet the security needs of the organisation.

• Standards & Processes: Identify, develop, and enforce security standards and processes that support the overall IT security policy. Ensure continuous monitoring and reporting to meet compliance and regulatory requirements.

• Security Awareness & Training: Lead IT security awareness programs and provide ongoing training and certification for IT staff to enhance security knowledge across the organisation.

• Security Incident Management: Oversee the organisation’s incident management framework and support loss prevention initiatives to protect against data breaches and cyber-attacks.

• Compliance & Reporting: Ensure the application of security compliance in accordance with industry regulations and best practices. Report on security trends and risk management activities regularly to business stakeholders.

• Architecture & Design Review: Participate in architecture and design reviews to ensure security principles and standards are applied. Provide input to reference architecture and guide integrated solutions.

• Leadership & Team Collaboration: Lead and mentor the information security team, fostering a culture of collaboration and continuous improvement. Chair operational information security steering committees and participate in strategic security steering committees.

• Business Communication: Translate complex technical security matters into business terms for stakeholders and senior leadership. Provide periodic trend analysis with a focus on capital and financial markets security.

Minimum Requirements & Key Competencies:

• Education:

  • Bachelor’s degree in Information Systems, Computer Science, or a related field (NQF Level 7).

• Certifications:

  • Information Security certifications such as CISSP, CISM, or CISA.
  • Additional certifications in CGEIT, ITIL, or other IT-related fields are highly desirable.

• Experience:

  • A minimum of 8 years of experience in an information security environment.
  • At least 5 years of experience in a supervisory or management role.
  • Proven experience consulting on information security at the enterprise or business level.
  • Demonstrated application of best practices like ISO 27001 for information security management.

• Technical Expertise:

  • Strong knowledge of IT security at technical, procedural, and organisational levels.
  • Experience with security technologies and practices supporting the value chain.
  • Knowledge of Oracle, Linux, MS SQL, and network design (CISCO, LAN, WAN).

• Compliance & Legal:

  • Understanding of South African legal and regulatory security requirements, with the ability to interpret and apply them in the organisational context.

• Additional Knowledge & Skills:

  • Sound business and financial awareness.
  • Knowledge of ITIL, COBIT, and auditing processes.
  • Strong analytical, problem-solving, and decision-making skills.
  • Proficient in MS Office and other office productivity tools.

• Soft Skills:

  • Excellent communication skills, with the ability to translate technical information to business stakeholders.
  • Strong negotiation, conflict management, and interpersonal skills.
  • Ability to manage change effectively and lead cross-functional teams.
  • Ability to work independently while being a strong team player.

• Leadership & Teamwork:

  • Proven ability to lead multi-disciplinary teams, promoting collaboration and high performance.