IT Security Specialist – Gauteng Sandton
Risk Manager (Operations – Information and Data Security)
Reporting to: Risk Manager
Purpose of the role: The purpose of the role is to protect the organization by identifying, monitoring and providing risk mitigation options for the achievement of corporate business objectives.
Skills and knowledge:
- Preference: Degree in Information Security, Computer Science, Data Management, Risk Management or Internal Audit
- Benefit: Information Security Certification
- Minimum of 5 years of experience in information security, risk management, systems audit.
- General understanding of IT security standards
- Advantage: ISO 3100 and COBIT
Risk management for today’s businesses:
- Supervise and, in certain areas, steer the implementation of appropriate risk control actions
- Monitor, evaluate and challenge the organization’s success in managing information, cybersecurity and data risks
- Help identify key information security and data management risks affecting operational functions within the business
- Administration of the information security, cybersecurity and data management risk identification and assessment process
- Monitor internal controls to ensure their adequacy and effectiveness and assist in the identification of appropriate improvements to address identified weaknesses
- Conduct research on specific topics as needed
- Compile and submit all scheduled and ad hoc risk management reports in a timely and accurate manner
- Contribute to the development and updating of risk management policies and procedures for the organization to ensure areas of responsibility are properly addressed
- Help maintain a culture within the company that emphasizes and demonstrates the importance of effective risk management to all personnel
- Participate in employee training on the risk management framework
- Conduct risk assessments of business processes and practices on an ongoing basis
- Contribute to the annual risk management plan and execute according to the plan
- Keep abreast of requirements related to information security, cyber risk and data management standards and best practices
Risk management for new activities/services:
- Provide risk support to the project team on information security, cybersecurity and data management, including assessing and assisting with their processes and procedures and identifying associated risks and controls.
- Assess the adequacy of risk control frameworks for the data and information security aspects of new services
- Assess changes to the organization’s risk profile due to new services
- Conduct research on emerging technologies to provide risk management support to the business
- Identify training opportunities to deepen knowledge of new technologies
- Provide training and guidance to the risk management team on areas of focus to share knowledge and assist in cross-competence
- Provide guidance to teams in the identification, planning and execution of assurance activities relating to new technologies
Business Continuity Management:
- Initiate and gather impact assessments on the division’s activities on an annual basis.
- Work with company DR (Disaster Recovery) resources to ensure all market DR testing issues are resolved.
- Ensure responsible staff members update disaster recovery plans for core applications on an annual basis.
- Contribute to the business continuity plan of the company.
- Support divisions in their business continuity planning
Data and information security:
- Actively participate in the Information Security Council by highlighting risk considerations for operational events, current processes or new products/services under consideration.
- Track and follow up on issues raised in areas of interest to drive prompt resolution
- Provide advice to the business on emerging data and information security risks
- Perform independent assessments of compliance of data and information security assessments against adopted standards.
- Awareness and appreciation of the principles of integrity, confidentiality and availability of data within the organization.
- Responsible for facilitating reviews of assigned internal audit functions
- Coordination of management responses across the organization for assigned reviews
- Validate the relevance of the corrective measures proposed by management for the deficiencies identified
- Coordination of the organization's follow-up on previous results and tracking of their resolution status
Combined assurance forum:
- Assist in the preparation of annual reports and assurance plans
- Regularly identify assurance gaps in proposed plans
- Coordinate assurance reviews related to areas of responsibility
- Assist in reporting various assurance activities across the organization
- Information Security
- Risk management
- Systems auditing