Definitive Recruitment Solutions
Group Security Information Officer
This is a strategic role, responsible for identifying, evaluating and reporting on legal and regulatory, ICT, and cybersecurity risk to information and technology assets, while supporting and advancing business objectives. The Group ISO will report to the Group Chief Information Officer.
- Relevant degree (e.g. BSc Informatics, BSc Computer Science, BCom Information Systems).
- A minimum of 10 years’ experience in a combination of risk management, information security and ICT positions.
- CISSP (Certified Information Systems Security Professional) certification.
- Sound understanding of information security regulations (for example ISO 27001 & ISO 27002) and compliance requirements.
- Extensive working knowledge of a large-scale ICT environment that has a wide range of different technologies in a highly integrated technology landscape.
- Ability to adapt to a fast-moving ICT security threat landscape and keep pace with latest thinking and new security technologies.
- Strong collaborative problem solving and analytical capability to manage numerous information sources and provide data analysis reports to senior and executive management.
- Strong client focus with the ability to meet the demands of internal and external stakeholders.
- Excellent written and verbal communication skills and the ability to communicate information security and risk-related concepts to technical and non-technical stakeholders at various hierarchical levels.
- Ability to build business partnerships that help drive the ICT security strategy across an international group.
- Develops and manages the Group’s information security strategy, policies, standards and architectures.
- Drives an ongoing, proactive risk assessment program for all new and existing ICT systems.
- Assesses the Company’s risk and security infrastructure and recommends solutions to ensure acceptable levels of risk in the organisation.
- Develops Group level ICT risk profiles, ensures alignment with divisional ICT risk profiles and associated actions.
- Manages vulnerabilities by directing periodic vulnerability scans of the Company’s ICT installations.
- Performs security impact assessments on new ICT solutions/architectures.
- Delivers new security technology approaches and implements next generation solutions.
- Ensures information security compliance and governance requirements are met to provide assurance to the ICT Committee, Group Exco and the Audit and Risk Committee.
- Drives security impact assessments in situations of business change and information technology related projects.