Information Security and Vulnerability Manager
Job description
The Information Security Manager is responsible for the development, management and monitoring of the enterprise-wide security architecture, policies, procedures and controls of the Letshego Group and is responsible for all on-going activities that serve to protect the confidentiality and integrity of customer, employee, and business information and systems.
• Leads the design, implementation, operation and maintenance of the Information Security Management System and architecture based on international and industry standards
• Forms a “centre of excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
• Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee
• Configures and manages physical, network, infrastructure, application and DB security.
• Develops and manages an awareness program to ensure personnel understand the risks / threats to the business, their responsibilities and how to comply with policies
• Communicates requirements to technology teams to ensure business needs are met
• Provides technical training to junior ICT team members on security controls, configurations, management and monitoring.
• Creates awareness and communicates to all personnel levels on issues relating to information security
• Aids the business in participating in the security processes
• Works with the Application Systems and Database Manager, Senior Network Administrator and Technology Development Manager to identify and arrange for deployment of appropriate compensating controls to address security and risk gaps throughout the Group’s systems
• Works with various personnel and managers to develop solutions to address control gaps; ensure cost vs. risk study is completed for all significant corrective actions
• Serves as an internal information security consultant to the organization.
• Documents security policies and procedures created by the Information Security Committee
• Leads the planning and implementation of projects
• Facilitates the definition of project scope, goals and deliverables
• Develops project plans to manage the end-to-end project activities and execution approach
• Manages project budget, resource allocation and plans and schedules project timelines
• Tracks project deliverables using appropriate tools
Requirements
• A Bachelor's degree in a technical related field or additional related experience is required. Security and audit related certifications are beneficial
• Information security management qualifications such as CISSP or CISM
• Expert technical knowledge in ICT governance and security standards
• Broad, in-depth technical knowledge of security principles and process is required.
• Strong planning and organising skills
• Knowledge of banking, technology and operations environment.
• Strong technical knowledge
• Good communication skills – written and verbal.
• Ability to prioritise activities and resources.
• Ability to handle multiple activities simultaneously.
• Ability to translate technical information into appropriate business language
To apply for this position please go to www.hrmc.co.bw