
Information Security Officer

General

  • Develop, implement, test and review the organisation’s information security in order to protect information/data and prevent unauthorized access to it
  • Develop, establish and maintain standards, procedures and guidelines to promote the security of computer-based application systems
  • Develop and maintain information and data classification guidelines, standards and procedures
  • Identify and address exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information loss to the organization
  • Be responsible for the protection of the electronic data processed by or stored by the organization

Responsibilities

 

  • Establish and maintain information security standards, procedures and policies in compliance with legislative and industry requirements.
  • Manage the information security function in accordance with established policies and guidelines.
  • Function as an internal consulting resource on information security issues
  • Conduct and maintain the information security risk assessment
  • Review compliance with the information security policy and associated procedures
  • Coordinate information security efforts with the Compliance Department
  • Stay current with changes in security risks, threats and requirements, ensure that the company is aware of such risks, and assist the company in implementing appropriate mitigating and counter-risk controls
  • Coordinate security orientation and awareness programs
  • Perform periodic internal penetration tests
  • Perform periodic internal vulnerability tests
  • Review the results of the external penetration tests and vulnerability scans
  • Perform application penetration tests, assess the results and ensure that timeous mitigating and corrective action is taken
  • Review infrastructure and systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades
  • Perform information security risk analyses and periodic information system activity reviews for information security purposes
  • Monitor changes in legislation and industry standards that affect information security
  • Monitor and control specific security improvement projects
  • Co-ordinate activities to support requirements by internal and external auditors, including PCI and other accredited QSAs.

Accountability Dimensions

  • Sound information security policies, practices and procedures
  • Volume of security incidents/breaches
  • General security awareness of employees
  • Company’s continued compliance with the relevant legislative/industry requirements (SOX, PCI, POPIA, etc.)
  • Currency of the organization’s mitigation of known risks and threats

Competencies

  • Qualifications

    • Bachelor’s degree in computer science/mathematics/engineering or at least 5 years’ experience in information security management and/or related functions (IT Audit & IT Risk Management)
    • Information Security management qualification such as CISSP or CISM
    • MCSE/MCSD Certification advantageous (desirable but not essential)

     

    Specific Skills (Technical):

     

    • 2-3 years’ experience in Systems & Network Security advantageous
    • PCI standards experience (PCI DSS)

     

    The successful applicant must:
    • Be highly analytical and able to effectively troubleshoot and prioritise needs, requirements and other issues
    • Have, in addition to technical skills, excellent communication, teamwork, leadership and conflict management skills
    • Be committed to continuous learning and system development
    • Have strong attention to detail and accuracy
    • Be self-driven and have high energy levels
    • Be organized and assertive

     

     
