The Information Security Officer (ISO) develops programs and frameworks in line with ICT strategy to protect the company’s computer network and data against various forms of security breaches.
The ISO oversees information governance and security to ensure that appropriate controls are in place and that data is secured and processed securely.
As the center of competence for information security, ISO provides guidance and acts as a focal point for security compliance activities and responsibilities.
Information Security and Governance
Identify network vulnerabilities in order to develop, implement and monitor a strategic and comprehensive enterprise information security, risk management and governance program to ensure that information assets are adequately protected.
Develop and improve the Information Security Management Framework(s) aligned with the full program and ICT strategy.
Understand and interact with related disciplines through committees to ensure consistent application of policies and standards across all technology projects, systems and services.
Contribute to ICT planning by providing current knowledge and future vision of security and governance related to technology and systems to ensure adequate and appropriate consideration during planning.
Create and institute measures to protect sensitive information and data within the computer network against various forms of security breaches by researching, developing, implementing, testing and continually reviewing information security to protect information and prevent unauthorized access.
Accurately identify, assess and report security risks, and partner with business stakeholders to raise awareness of risk management issues.
Work closely with business units to facilitate risk assessment and management processes and educate users on security measures, potential threats and mitigations to keep users informed.
Act as a competence center for the enterprise information security organization by educating colleagues on security software and information security best practices.
Monitor networks to ensure that local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards.
Install software, implement security measures, monitor networks and document any security breaches.
Assess damages related to security breaches to ensure corrective actions can be implemented so that security and governance standards can be maintained.
Keep abreast of rapidly changing security threats and needs in order to mitigate security breaches and cyberattacks and to ensure that all appropriate updates are recommended.
Minimum qualifications and experience:
BSc/BA in Computer Science or Information Security or BCom in Computer Science.
An information security certification such as a CISA certification.
Information security and risk governance certification or course such as CISSP, CISM or related certification.
At least 3 to 5 years of professional experience in the field of information security and governance.
Monitoring firewalls and network tools
Knowledge of POPI information security compliance
Qualifications and experience desired:
An honors degree would be an advantage
Experience working with Mimecast
Occupational exposure to cybersecurity
Skills, Competencies and Attributes:
Excellent knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Excellent knowledge of best practices to prevent a wide range of security threats.
consideration when planning.
Experience with MS Windows and Microsoft suite of products
About the employer:
Company is an NGO that empowers people and changes lives. Good health and quality of life are what motivate us to provide healthcare solutions and support to those who need it most.