Information Security Officer

Does helping leading organisations achieve world-class performance sound exciting? Well keep reading, because Competitive Capabilities International (CCi) is looking for a experienced **Information Security Officer** to join our IT Team.

About Competitive Capabilities International (CCi)

CCi has a 35-year track record of helping leading organisations build competitive capability through maturity-based best practice implementation. We are immensely proud of our continuous improvement solution, TRACC, which has transformed over 3000 supply chains in more than 75 countries.

**About this role**
As a member of the IT Team, you will be responsible for establishing and maintaining an information security framework to provide assurance that the supporting security strategies are implemented and aligned with business objectives, IT governance and legislative/regulatory requirements. With this in mind, you will make an impact from day one by:

- Ensuring Information Security & Data Management is aligned to POPIA and GDPR compliance requirements
- Owning and driving the ISO 27001 certification maintenance and process
- Owning, managing and running the Security Awareness Training for the organization
- Review, manage and improve the ISMS system, process and platform
- Defining rolling 3 year information security strategy and roadmap, and supporting operations plan and budget estimates to close identified gaps
- Managing and improving incident response capability to proactively identify and mitigate against IT security risks or incidents, and recover from disruptive and destructive information security events
- Leading the IT security team responsible for day to day security and operational tasks, logical user access management, access certification review campaigns, including management of resource allocation and duties
- Providing information security input for architecture designs in AWS and Azure
- Managing and coordinating remediation of IT audit findings by implementing supporting IT security controls and processes
- Conducting the information security risk assessment programme, supported by vulnerability assessments and facilitating independent penetration testing
- Functioning as an internal IT Security consulting resource for other business units on information security
- Managing suppliers, partners and vendors to ensure adherence to security requirement
- Supporting the Information Officer on data governance related issues
**QUALIFICATION**
Education
- Relevant IT qualification in Information Systems
- CompTIA Security +, Systems Security Certified Practitioner (SSCP), CompTIA Cybersecurity Analyst (CySA+) and or Microsoft 365 Security Administration (MS-500).
Experience
- At least 4 - 6 years Information Security experience
- Practical experience with information security concepts, frameworks, methodologies, legislative and regulatory requirements (ISO 27001, NIST, POPIA, GDPR)
- Experience with infrastructure and network architecture technical design, security and management (firewalls, routers, switches, IDS, IPS, cloud computing, mobile device management, virtualization)
- Practical knowledge and understanding of information security tools, network security systems, host diagnostics, vulnerability assessments, penetration testing, threat assessments, report writing and documentation across multiple platforms
- Experience in implementing and configuring security systems, tools and programs e.g. SIEM, vulnerability scanning, coordinating penetration testing, ISMS platforms
- Basic scripting skills (e.g. bash, python, powershell)
- Understanding of threat analysis
- Experienced in Policy writing and reviews
- Experience in Agile/ relevant solution development methodologies will be beneficial
- Experience in Security practices and standards in development like the security development life cycle (e.g. OWASP) will be beneficial
**Specific Skills**
- Knowledge of ISO27000 essential and COBIT beneficial
- Knowledge of Information Risk Methodologies, threat modelling and Operational Risk management methodologies
- Knowledge of policies and project management methodologies
- Innovative, critical thinking and problem-solving skills
- Ability to quickly assimilate knowledge from outside own area of expertise
- Ability to work both independently and in a team
- Ability to explain and document what controls are needed and why, and identify pragmatic alternatives to mitigate threats and risks where time and cost constraints so dictate
- Good communication and organizational skills with a strong ability to influence, build relationships with, and negotiate with colleagues (both IT technical and non-technical, including project teams, managers, and business stakeholders), suppliers and external partners
**Personal Characteristics**
- Strong collaboration skills
- Sound personal relationships
- Highly accountable
- Attention to detail
- Strong analytical skills
- Delivery to deadline and quality focused
- Innovative an