Primary Purpose
This position leads the management of CWS Africa's information system security program: ensuring that information assets are adequately protected, and identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the organization's risk posture.
The Senior Manager, Information Security supervises the Senior Information Security Officers (SISOs) and oversees the development, adoption, implementation, and enforcement of information security policies, procedures, and standards to ensure compliance with the organizational IS security framework, NIST standards, and other information security, privacy, and legal requirements and best practices. This role requires excellent documentation, presentation, analytical, and critical thinking skills.
Key Responsibilities
Strategic Support and Management
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Ensure CWS Africa information systems are secured according to organizational policies, the Integrity and Compliance Guide, Federal IT security requirements, and NIST moderate-baseline controls.
- Manage the enterprise's information security organization, including direct and indirect reports (hiring, training, performance management, and reviews).
- Facilitate information security governance through the implementation of a hierarchical governance program.
- Provide input and recommendations to IT and CWS Africa management on systems security updates, trends, risk management, and regulatory compliance.
- Develop, maintain, and publish up-to-date information security policies, standards, and guidelines.
- Create and implement a risk-based process for vendor risk management.
- Manage and monitor information security budgets.
- Review and approve security risk management awareness training programs for all employees.
- Liaise with the enterprise architecture team to ensure alignment between security and enterprise architectures.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management.
Security Liaison
- Liaise between the information security team and corporate compliance, Risk & Compliance, Supply Chain, HR, and program teams.
- Liaise with external agencies (e.g., law enforcement, advisory bodies) to maintain a strong security posture.
- Collaborate with stakeholders to identify information asset owners to classify data and systems.
Architecture / Engineering Support
- Consult with IT and security staff to ensure security is factored into systems selection, installation, and configuration.
- Provide IT security assistance and oversight to IT Officers in South Africa, Tanzania, Uganda, and sub-offices.
- Recommend, research, and coordinate technical controls to enforce security policies.
Operational Support
- Manage outsourced vendors providing information security functions.
- Coordinate and manage the operational components of incident detection, response, and reporting.
- Oversee day-to-day threat and vulnerability management.
- Oversee the annual internal IT security audit/assessment against the NIST security framework.
- Design, coordinate, and oversee security-testing procedures (vulnerability scanning and penetration testing).