To carry out technical vulnerability assessments of IT systems and processes, identify potential vulnerabilities, make recommendations to control any risks identified, and ensure those recommendations are implemented.
To respond rapidly and effectively to IT security incidents, managing them in a professional manner, including computer forensics for evidence gathering and preservation.
To be responsible for the coordination of regular Information Security Reviews in the business.
Development and maintenance of information security policy, procedures and programs.
To lead by example and provide sound security guidance and advice on best practice to service managers and staff at all levels.
To provide high-quality guidance and assistance to departmental staff in research projects with challenging information security requirements.
To be the definitive point of contact for all members of the business seeking advice on information security.
To oversee the business information security risk register and carry out actions to mitigate the risks identified.
Analysis of information protection technologies and processes to identify security weaknesses in the technology.
Lead ongoing risk assessments of data processing systems to confirm that the design of logical controls is effective and meets regulatory and legal requirements.
Provide quality reports summarizing test activities, including objectives, planning, methodology, results, analysis and recommendations, for both technical and non-technical audiences.
Monitor the organization’s networks for security breaches and investigate violations when they occur.
Help to design, implement and maintain the organization’s cyber-security plan.
Develop and direct the implementation of security standards and best practices for the organization.
Qualification and Experience:
A degree in Information Systems, Computer Science or equivalent, plus a relevant vocational qualification.
At least 6 years’ experience in a similar or related environment.
An MBA would be an added advantage.
Certification in information security (CISSP, CSSLP, CCFP, CISM, etc.).
Understanding of information security principles and best practice (e.g., ISO/IEC 27001 and the ISF Standard of Good Practice for Information Security).