Information Security Officer (Diversity Hiring)

Key Pointers

• It’s a TISO role -Technology Information Security Officer
• Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions
• Looking for a candidate who can guide ITAO team
• Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
• Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
• ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
• Control Objectives for Information and Related Technologies (COBIT)
• Windows and UNIX environment

Your key responsibilities

• Align standards, frameworks and security with overall business and technology strategy
• Identify and communicate current and emerging security threats
• Create solutions that balance business requirements with information and cyber security requirements
• Train users in implementation or conversion of systems
• Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility
• In relation to the IT Assets, processes within their scope of responsibility they:
• Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios.
• Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions
• Are responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls.
• Are the recognized expert in DB Information Security Policies and procedures and their implementation in relation to technologies.
• Proactively manages IT audits and plan (in co-operation with COO IT management) preparation and remediation.
• Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution.
• Spearhead independent reviews of IT Security Controls, prioritise identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.g. Information Security control evaluation and respective follow up activities).
• Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality.
• Partner with key stakeholders (Chief BISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.

Your skills and experience

Experience Range of 14-20 years in:

• Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
• Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
• Experience with and knowledge of:
• VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.
• ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
• Control Objectives for Information and Related Technologies (COBIT)
• Windows and UNIX environment.