Information Security Officer

Role Overview

In this pivotal role, the Information Security Officer is responsible for formulating, implementing, and maintaining the organization's information security strategy. This involves extensive security monitoring, risk assessment, policy enforcement, and management of IT security installations to minimize exposure across network and host systems.

Key Responsibilities

The incumbent will be responsible for the following key result areas, which are divided into direct involvement and indirect oversight through Site IT teams:

Directly Involved Duties

• Formulating and implementing a strategy for the deployment of information security.
• Performing formal security audits and risk assessments with a view to minimizing exposure.
• Monitoring security vulnerabilities and hacking threats in network and host systems.
• Tracking the latest IT security innovations and keeping abreast of the latest cybersecurity technologies.
• Implementing an effective process for the reporting of security incidents and communicating with key stakeholders about IT security threats.
• Monitoring the daily operation and implementation of the IT security strategy.
• Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement.
• Managing the IT security budget and communicating this with the appropriate parties.
• Implementation of Network & Server Security including firewalls and patch management.
• Continually review IT Security installations and incorporate improvements and innovations as a matter of routine.
• Review and enforcement of the IT policies, procedures, and standards.
• Develop and deliver training/guidance verbally, written, or within training workshops as appropriate to the IT Team and IT Systems Users.
• Assist with legacy application security enhancement.
• Assist with security on Serena’s e-commerce platforms.

Indirect Oversight (Through Site IT teams)

• Ensure ICT Policy, Procedure, and Standards implementation plan is developed and actioned.
• Ensuring disaster recovery and business continuity plans are up-to-date.
• Overseeing the investigation of reported security breaches.
• Monitor Information System audit issues.
• Follow-up IT security tasks.
• Implementation of Network, Servers, and workstation Security.

Knowledge, Skills & Experience Required

• Education: A Bachelor's degree in Computer Science or a closely related discipline.
• Certifications: CISM or CISSP Certification is required. Any other security certification will be an added advantage.
• Experience: Minimum of 3-5 years experience in a similar position is essential.
• Technical Expertise:
  • Must have in-depth knowledge of business processes as well as process controls and risks and how these relate to relevant IT audit procedures.
  • Knowledge of Network monitoring tools, Traffic analysis, and intrusion detection systems.
  • Knowledge of information security management best practices such as ISO 27000.
  • Knowledge of threat and vulnerability analysis, risk assessment business impact analysis.
  • Experience in writing effective security policies and procedures.
• Soft Skills & Attributes:
  • Excellent verbal, written, and interpersonal skills.
  • Proven leadership skills.
  • Self-motivated and a good team player.
  • A proven record of dealing with complex projects and meeting conflicting demands.