
Information Security Officer (CISA) - Bloemfontein

Datacentrix

Managed Talent Solutions, a division within Datacentrix, is looking for an Information Security Officer for one of their clients based in Kimberly. This is a 6-month fixed-term contract. The Information Security Officer must have a good understanding of IT Governance Frameworks and Legislation.

Qualifications and Experience Required:

- Relevant Degree/Diploma in ICT
- CISA certification
- Willingness to work outside normal hours
- 7 years of related experience
- Proficiency with enterprise information systems, file servers, networked data storage, application software, scripting and programming languages, data communication devices, and disaster recovery utilities
- Knowledge of current systems and network technologies and standards and their practical application in the enterprise environment
- Good understanding of IT Governance frameworks and legislation

Roles and Responsibilities:

- Develop information security plans aligned with business goals and objectives.
- Identify current and potential legal and regulatory requirements affecting information security.
- Identify drivers affecting the university (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
- Obtain senior management commitment to information security.
- Define roles and responsibilities for information security throughout the company.
- Establish internal and external reporting and communication channels that support information security.
- Establish a process for information asset classification and ownership.
- Implement a systemic and structured information risk assessment process.
- Ensure that business impact assessments are conducted periodically.
- Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
- Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
- Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., procurement).
- Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.
- Develop and maintain plans to implement the information security strategy.
- Specify the activities to be performed within the information security program.
- Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
- Identify internal and external resources (e.g., finances, people, equipment, systems) required to execute the security program.
- Ensure the development of information security architectures (e.g., people, processes, technology).
- Establish, communicate, and maintain information security policies that support the security strategy.
- Design and develop a program for information security awareness, training, and education.
- Ensure the development, communication and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
- Integrate information security requirements into the (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement).
- Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
- Establish metrics to evaluate the effectiveness of the information security program.
- Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
- Ensure that processes and procedures are performed in compliance with the company's information security policies and procedures.
- Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
- Ensure that information security is an integral part of the systems development processes and acquisition processes.
- Ensure that information security is maintained processes and life cycle activities.
- Provide information security advice and guidance (e.g., risk analysis, control selection) in the university.
- Provide information security awareness, training, and education (e.g., business process owners, users, information technology) to stakeholders.
- Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
- Ensure that noncompliance issues and other variances are resolved in a timely manner.
- Develop and implement processes for preventing, detecting, identifying, analyzing, and responding to information security incidents.
- Establish escalation and communication processes and lines of authority.