Tue, 21 May, 2013



Information Security Officer
Date Posted [25-May-2012]

This post has expired! It was posted more than 30 days ago.

The successful candidate will be responsible for establishing a working and effective Information Security Structure to enable the company to formally adopt and implement ISO 27001 as its best-practice information security standard. This person will ensure ongoing compliance with ISO 27001 standards.

 

Required skills:

  • Good verbal and written communication skills
  • Ability to work with a diverse group of people
  • Able to work under pressure and meet deadlines
  • Able to plan/complete implementations and contribute to culture change
  • Able to manage time and prioritise appropriately
  • Good level of people management skills
  • Positive towards learning and development, demonstrated by a record of continual professional development
  • Excellent project management skills



Qualifications and Experience:

  • Relevant IT Degree or Diploma
  • Industry accepted Information Security qualification (CISSP)
  • Certification in Information Security Management (ISO 17799, ISO 27001)
  • ITIL management training or certification
  • Minimum 7 years broad IT experience of which 4 to 5 years is proven in an Information Security role
  • Good understanding of best practice standards and governance frameworks such as ITIL and COBIT
  • Experience in the development and delivery of Information Security related training material
  • Knowledge of South African (or international) legislation dealing with information protection (advantageous)
  • A good working knowledge of Information Security principles and practices (specifically the ISO 27001 Information Security Standards)
  • Broad awareness of hardware and software security products
  • Good working knowledge of information risk analysis/management
  • Good working knowledge of quality assurance principles and practices

 

Duties and Responsibilities:

  • Develop, implement and enforce suitable and relevant information security policies, standards and procedures
  • Review information security policies on an annual basis
  • Co-ordinate information security activities (including training) with IT, IT governance and the rest of the organization
  • Co-ordinate the development and delivery of an information security awareness and training programme
  • Develop and implement an incident reporting and response process to address information security incidents
  • Investigate suspected and actual breaches of security and undertake reporting/remedial action as required
  • Maintain a log of incidents and remedial recommendations and actions
  • Continually assess the effectiveness of the actual security measures against the requirements as defined in the information security policies and standards
  • Perform annual effectiveness testing on all information security controls
  • Develop and implement an ongoing risk assessment program targeting information security matters
  • Recommend methods for vulnerability detection and remediation, oversee vulnerability testing
  • Assess new technologies and solutions against the requirements as defined in the relevant information security policies and standards
  • Provide monthly information security compliance and risk reports to the CIO and IT governance officer
  • Oversee and manage the day-to-day security activities around network, logical and physical security management for the whole company

Job Details:

  • Job Title: Information Security Officer
  • Job Type: Permanent
  • Job Level: Intermediate IT Job
  • Sector: IT Security Jobs
  • Classification: South African citizens only
  • Location: Western Cape
  • City: Cape Town
  • Suburb: Goodwood
  • Salary: Negotiable
  • Closing Date: 31 May 2012