Client Information Security and Compliance Manager - Midrand, South Africa - Advanced Projects and People

Posted by: Thabo Mthembu, beBee Recruiter


Description

Introduction
The purpose of the role is to ensure that the security services are delivered as described in the SOW/agreement.


Duties & Responsibilities

Compliance Management:


  • Measuring performance against SLAs.
  • Identifying major interventions to be planned for the next month.
  • Understanding the IT Policies and Processes within the cross functional service streams, related to Information Security.
  • Aligning to the transition and transformation deliverables and dates as required.
  • Conforming to the client's Logical Access Management Policies, including federated identity management, authentication service and privileged access management.
  • Supporting the client with evidence and information required for investigations and intelligence services, compliant with legal requirements.
  • Providing and maintaining a risk dashboard, including risk portfolio management and compliance to the client Information Security policies and standards.
  • Ensuring that the necessary cryptographic services, including for data in transit, in use and at rest, are available for the services provided by the Supplier and all of the client's external Suppliers as specified within the Cross Functional and Cloud Services scope of work.

Client Management:


  • Meeting with the Client's Service Provider representatives.
  • Presenting the monthly reports and discussing potential areas of improvement and remedial action where required.
  • Timeously informing the Client's Information Security Manager when and where it becomes aware of risks or vulnerabilities as per the risk management process.
  • Participating in the appropriate meeting and governance forums.
  • Providing capabilities that ensure secure service selection without the impairment of service availability and secure, rapid transition among the Cloud Suppliers under arbitrage. The Supplier must ensure that the required service level targets are met by all primary Cloud Suppliers.

Security Compliance:


  • Security consulting on in-scope security services.
  • Organising monthly security meetings to review all operational issues experienced during the month.
  • Providing security monitoring services.
  • Ensuring that T-Systems' security monitoring services are integrated with the client's Security Incident and Event Management solutions.
  • Providing assurance that the infrastructure used to deliver services to the client is secured against unauthorised access and compliant with the client Information Security Standards.
  • Ensuring that any infrastructure used to enable the Supplier to deliver services to the client is secure and patched.
  • Providing data protection services to ensure secure data life cycle management, data leakage prevention, and IP protection, for the services to be rendered to the client.
  • Ensuring that the security of the facilities hosting infrastructure used to deliver services to the client complies with the client's Policies.
  • Containing any malware outbreak within the period specified within the service level targets.

Document and Report Compliance:


  • Creating process documentation/workflows, knowledge articles and self-service guidance for relevant processes.
  • Documenting the information security and compliance management process from RACI documents to clarify and define the Responsible, Accountable, Consulted and Informed roles and responsibilities in the cross functional service offering.
  • Compiling a report, which will include commentary indicating the key areas of deficiencies, as well as recommendations for improvement.

Desired Experience & Qualification

  • Previous working experience in a management role for 3 to 5 years within an IT service provider environment.
  • Diploma, Degree or Certificates in Information Technology and/or MBA or equivalent NQF level.
  • ITIL / CISM / CISSP certification
  • Excellent organizational and time management skills
  • Outstanding communication and presentation skills
  • Great analytical skills
  • Ability to identify opportunities for system enabled process improvement
  • Ability to function effectively in a matrix structure
  • Demonstrate credible and influential leadership through technical security knowledge and execution.
  • Strong facilitation, negotiation and conflict resolution skills.

Job Types:
Full-time, Temporary


Ability to commute/relocate:

  • Midrand, Gauteng: Reliably commute or plan to relocate before starting work (required)

Experience:


  • IT service provider management: 3 years (required)

Application Deadline: 2023/01/13
