Information Security Lead

**Listing reference**: 018745**Listing status**: Online-
**Position summary**

**Industry**:Wholesale & Retail Trade
- **Job category**:IT and Telecommunications**Location**:Cape Town
- **Contract**:Permanent**EE position**:Yes**Introduction**
- We are seeking a proficient and experienced Information Security Lead to drive the design and implementation of the Group’s information security strategy to proactively respond to evolving cybersecurity threats and safeguard the organization’s confidentiality, integrity and availability of information technology assets.**Job description**

**JOB PURPOSE**
To shape, design and manage the implementation of the Group’s information security strategy, plans, governance framework, policies, principles, standards and protocols to enable the organization to respond to evolving cybersecurity threats and potential incidents proactively and to safeguard the organization’s information technology assets and data whilst maintaining the organization’s integrity.**JOB OBJECTIVES**- Assess IT security needs, align cyber security initiatives with business objectives, and develop the organization's information security strategy and roadmap.
- Accountable for the organization's information security systems and networks built to protect against cyber-attacks, intrusions, malware and data breaches.
- Establish and enforce information security governance, policies, and compliance aligned to industry regulations and standards, ensuring continuous improvement through regular reviews and audits.
- Maintain and improve information security incident response plans. Lead and coordinate the response to security incidents.
- Perform information security risk assessments and oversee findings to closure.
- Define, manage, and integrate new and existing security controls into IT infrastructure, leverage technologies and solutions e.g. EDR, PAM, DSPM, CASB, DLP, etc. to ensure a well-controlled and standardized IT security environment and oversee continuous security improvement.
- Oversee monitoring and analysis of cyber threat intelligence, evaluate security tools, and present functional reports to influence decision-making and compliance.
- Lead information security and access management teams, maintain and drive maturity of identity access governance platform.
- Coordinate security awareness and training programs, recruit and develop staff, set performance management plans, and ensure the team has the necessary skills and resources.
- Keep abreast with the latest cyber security research, local and global threats and assess potential impact on the business to ensure continuous improvement of the organization’s cyber security posture.
- Manage vendor relationships and financial resources, take responsibility for IT security budget and cost control, and drive cost-effective measures to achieve strategic objectives.

**Minimum requirements**

**QUALIFICATIONS**
- Degree in Information Technology / Systems Engineering / Computer Science or a relevant equivalent qualification.
- Plus a relevant certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), etc.

**JOB-RELATED KNOWLEDGE & EXPERIENCE**
- 5-7 years (Diploma) or 4-6 years (Degree) of experience in the IT environment, with 2 years or more in a management role
- Strong technical knowledge of enterprise IT systems and architecture.
- Strong technical understanding of maintenance and support of IT information security systems.
- Strong knowledge of IT governance and cyber security practices.
- Strong knowledge and understanding of risk and compliance management.
- Knowledge of the regulatory requirements such as Data Privacy and Protection of Personal Information Act (POPIA) and information security frameworks e.g. PCI DSS, NIST, ISO27001.

**JOB-RELATED SKILLS**
- Excellent written and verbal communication skills
- Ability to manage ambiguity/ complexity
- Able to cultivate innovation
- Ability to collaborate cross-functionally
- Ability to establish and maintain strong relationships with stakeholders at different levels
- IT Strategy, Planning and Governance
- Cyber Security Management
- IT Risk Management
- IT Control Monitoring
- Data Protection
- Information Security

**JOB-RELATED COMPETENCIES**
- Leading and Supervising
- Delivering Results and Meeting Customer Expectations
- Relating and Networking
- Adapting and Responding to change
- Deciding and Initiating Action
- Presenting and Communicating Information