Senior Specialist Governance

**_ Equity Statement :Preference will be given to suitably qualified Applicants who are members of the_**
**_designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating_**
**_Division._**

**_ Alternative Application Methods: (Completed Curriculum Vitae to be submitted)_**

Post:
E-mail:
Fax:
before the closing date of the advertisement.

Note: if you have not been contacted within 30 days of the closing date of this advertisement please consider your

We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at

**_ Operating Division : Transnet Corporate Centre_**

**_ Position Title : Senior Specialist Governance & Support_**

**_ Employee Group : Permanent_**

**_ Department : ICT_**

**_ Location : Johannesburg_**

**_ Reporting To : GM: Enterprise Technology & PMO Services_**

**_ Grade Level : C_**

**_ Reference Number : 6003958_**

**_ Position Purpose:_**

The Senior Specialist is responsible for establishing and maintaining an enterprise-wide and globally acceptable information

security program to assure information assets are adequately protected. The Senior Specialist is also responsible for the

creation and maintenance of and enterprise-wide information security strategy, including an Information Security

Management System, ICT Governance, Risk, Compliance, and ICT Audit liaison.

**_ Position outputs:_**

Information Security Strategy: Draft and propose the enterprise-wide information security strategy and action plans ensuring

that best practice control objectives for confidentiality, integrity, availability, accountability and assurance are met

Leadership: Lead and develop a team of information security specialists, continually renewing skills to stay abreast of new

threats

Project Management: Accountable for execution of approved information security project plans and provide regular status

reporting on progress of such projects.

Develop and maintain the Information Security Management System (ISMS), including information security policies,

standards, procedures and guidelines

Vendor Management: Engage and direct outside consultants as appropriate on information security audits

Collaborate with Transnet Internal Audit (TIA) as a business advisor on information security and IT compliance matters

Risk Management: Ability to integrate information security risks with IT, operational risk and enterprise risk management

frameworks and assessment. This should also include planning and implementation of effective Disaster Recovery plans for

the organization

Audit: Drive the IT risk audit to provide an integrated view of IT related risks’
IT Policies: Provide guidance to ensure that ICT strategies and plans incorporate overall Transnet Wide risk management

components which support the business strategies. Oversee training and dissemination of IT policies and procedures across

the organization.

IT Governance: To ensure alignment of ICT governance with Transnet’s standards for corporate governance and
incorporates leading IT Governance standards in King IV and COBIT5

Identity and Access Management: Develop strategy and implement systems security across diverse operational systems,

SAP systems and process systems.

IT Compliance: A focus on IT risk and compliance to legislation for IT systems.

Information Security Management System: Develop and implement an information security management system that

protects the confidentiality, integrity and availability of information in the custody of Transnet

Combined Assurance: Align with Risk, Compliance, Audit stakeholders to ensure that adequate IT controls are implemented

to mitigate significant IT risks.

Budget and Financials: Develop and manage information security budgets and monitor actual variances.

Information Security Architecture: Provide input into enterprise architecture.

Design security solution architecture and align with enterprise architecture principles, thus driving the strategic planning for

information security.

**_ Qualifications & Experience:_**

A Bachelor’s degree in relevant discipline
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CGEIT, CRISC or other similar
credentials preferred
Minimum 10 years’ experience in Information security management environment of which at least 5 years at a managerial
level
Experience with cybersecurity Incident and Event Management operations and systems

**_ Competencies:_**

Strategy & Sustainability
Strategic Thinking
Translates strategies into measurable goals and objectives to achieve the organisations vision.
Commercial Awareness
Keeps abreast of internal and external factors that can impact the business; is aware of developments in organisational
structures, economics and politics where relevant
I