IT Risk & Security Officer
Job Ref
278014
Job Type
Permanent
Employer Type
Recruitment Agency
Date Added
19 Feb 2018
Expiry Date 5 Apr 2018
* There have been 11 applications to this job.
* This job has been viewed 3520 times.
Employer:
Datacentrix
Location:
South Africa
Salary:
Negotiable
Benefits:
Role details:
This role will focus on Information Security and the creation of an Information Security Management System with the goal of protecting the Confidentiality, Integrity and Availability of COMPANY Information Assets, in line with the risk appetite of the organisation. The role incumbent will provide expertise in respect of Information Security, enabling COMPANY to meet its business objectives and act appropriately in the face of rapidly changing threats, technologies and business conditions. The incumbent will work closely with the IT Risk function, with a significant amount of cross-pollination in terms of responsibilities. The incumbent will be expected to manage and drive audit remediation. There will be a requirement to develop, deliver and maintain Security Architecture that remains relevant, achievable, and aligned to the organisational strategies. The role incumbent will be responsible for a number of specific Information Security domains and will also be expected to contribute to the definition and maintenance of the overall Information Security Strategy. The incumbent will ensure that project investments are coordinated towards wider architecture goals and that the Security Architecture is communicated and understood within the organisation. There will be an expectation that the successful candidate will drive Security into the DevOps processes and will have a broad understanding of various technologies.
All IT risk management activities are coordinated through this role, including the coordination of IT Risk policy drafting and scheduled review. The role is responsible for maintaining the IT Risk Framework and its associated controls and reporting. This role is responsible for independently evaluating overall information technology risk, maintaining an active view, and reporting on the controls and residual risk in the technology organization.
The candidate must develop an understanding of the technical IT environment and be prepared for robust discussions and challenge from management around risk and adequacy of the controls in the environment. It is imperative that the IT Risk Officer assist IT in finding solutions to challenges as they arise, over and above helping IT identify and classify risks appropriately. This role is also responsible for facilitating and managing IT Audits as well as driving Audit Remediation. Any required Group Governance processes will also be facilitated by this role (e.g. Cloud Steercom Preparation).
FORMAL LEARNING/QUALIFICATION REQUIRED TO PERFORM OPTIMALLY IN THE ROLE
· Qualifications relevant to IT risk management or IT auditing or qualifications relative to the IT environment.
· CRISC/CGEIT/CISA advantageous
· CISSP/CISM advantageous
· Relevant tertiary education or certifications
SKILLS / KNOWLEDGE AND EXPERIENCE REQUIRED TO PERFORM OPTIMALLY IN THE ROLE
· Understanding of Risk Management techniques and tools
· Experience of IT Risk management and understanding of the relationship with the wider Enterprise Risk function
· Good technical knowledge of IT systems and processes
· Experience in a financial services environment advantageous
COMPETENCIES REQUIRED TO PERFORM OPTIMALLY IN THE ROLE
It is anticipated that some of the required competencies will develop in role to the appropriate level.
· Excellent written and oral communication
· Strong presentation skills
· Personal organisation and planning
· Problem solving
· Negotiating and influencing
· Stakeholder management including senior managers
· Must thrive in a demanding and fast-paced environment
· Must be able to prioritize and perform multiple tasks simultaneously
· Ability to operate as a team member and work independently
· Ability to operate at a strategic level and understand detailed issues
· Ability to complete projects and keep to deadlines
· Value and delivery focused
· Skilled use of typical office software and an ability to understand and learn risk management software
LANGUAGE REQUIREMENTS (TAKING INTO ACCOUNT THE COMPANY MULTI-COUNTRY OPERATIONS)
Language Requirements
English
IT Risk Officer
Specific Responsibilities
1. Risk Identification, Assessment and Evaluation
Identify, assess and evaluate risk to enable the execution of the IT and enterprise risk management strategy.
Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of IT risk.
Create and maintain an IT risk register to ensure that all identified risk factors are accounted for.
Assemble IT risk scenarios to estimate the likelihood and impact of significant events to the organization.
Analyse IT risk scenarios to determine their impact on business objectives.
Develop an IT risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
Correlate identified IT risk scenarios to relevant business processes to assist in identifying risk ownership.
Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
2. Risk Response
Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
Identify and evaluate risk response options and provide management with information to enable risk response decisions.
Review IT risk responses with the relevant stakeholders for validation of efficiency and effectiveness.
Apply IT risk criteria to assist in the development of the risk profile for management approval.
Assist in the development of IT risk response action plans to address risk factors identified in the risk register.
3. Risk Monitoring
Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the IT risk management strategy.
Collect and validate data that measure key IT risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
Monitor and communicate key IT risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
Facilitate independent IT risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
Identify and report on IT risk, including compliance, to initiate corrective action and meet business and regulatory requirements.
4. Audits and Reviews
Serve as liaison to auditors and other relevant persons regarding documentation and review of IT Risk and information compliance.
Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
Keep a tracking action list of all audit issues.
Drive remediation of audit findings within the agreed remediation timelines.
Information Security Officer
Specific Responsibilities
1. Information Security Strategy and Management
· Develop an information security strategy
· Develop and implement an ISMS and cyber security programme
· Develop and maintain information security policies, standards, and procedures
· Define technical information security plans and documentation, to support the information security strategy
· Create and maintain an information security incident response plan
· Provide relevant recommendations and develop information security key performance indicators (KPIs)
· Create and present reports at various levels, including C level
2. Risk and Compliance
· Provide insight as the information security subject matter expert in committees, and compliance projects
· Work closely with auditors, and drive the necessary remediation of information security findings
· Assist in identifying and mitigating information security related risks
· Conduct risk assessments on third parties to ensure compliance of information security standards
· Assess cloud vendors and provide input on security within cloud environments
· Advise and participate in the business continuity and disaster recovery plans
3. Application Security
· Define the information security requirements for SDLC
· Facilitate information security code reviews
· Drive security automation into the DevOps processes
4. Operational Security
· Drive the vulnerability and patch management programme
· Coordinate technical information security assessments and penetration tests, as well as drive remediation
· Ensure information security awareness training is implemented within the organisation
· Manage the information security products and support vendors
· Act as a key approver in the context of change management, specifically with regards to all changes requiring information security oversight
5. Security Architecture
· Review, provide input, and approve solution designs from an information security perspective
· Define and drive security architecture