Head IT Security - Johannesburg, South Africa - Network Contracting

Posted by: Thabo Mthembu, beBee Recruiter

Description
HEAD: IT SECURITY, GOVERNANCE, RISK & COMPLIANCE

The Head of IT Security and GRC is responsible for overseeing the organisation's information security program and ensuring compliance with governance, risk management, and regulatory requirements.

This senior leadership role will develop and implement a comprehensive security strategy, manage a team of IT security and GRC professionals, and work closely with various departments to minimize risks and protect the organisation from potential security threats.

The Head of IT Security and GRC will also be responsible for driving a security-aware culture and maintaining a strong governance framework throughout the organisation.


Key performance areas / Key responsibilities:

  • Security Strategy and Governance: Develop and maintain a comprehensive IT security and GRC strategy, aligned with the organisation's goals and objectives, ensuring a strong governance framework is in place.
  • Policy and Compliance Management: Establish, review, and enforce IT security and GRC policies, procedures, and standards, ensuring they comply with industry best practices and regulatory requirements.

  • Risk Assessment and Management: Regularly assess, identify, and prioritize potential security risks and vulnerabilities, implementing appropriate risk mitigation measures and controls.
  • Incident Response and Management: Lead the organisation's incident response team, ensuring efficient detection, containment, and resolution of security incidents, as well as conducting post-incident analysis to improve response strategies.
  • Security Awareness and Training: Promote a security-aware culture within the organisation through continuous education, training, and awareness programs for employees at all levels.
  • Performance Monitoring and Reporting: Regularly monitor and evaluate the effectiveness of the IT security and GRC programs, providing reports to senior leadership on progress, risks, and areas of improvement.
  • Vendor and Third-Party Management: Ensure that external vendors, partners, and service providers comply with the organisation's security policies, standards, and regulatory requirements.
  • Audit and Assessment: Oversee IT security and GRC audits, vulnerability assessments, and penetration testing, ensuring timely remediation of identified issues and compliance with relevant regulations.
  • Budget and Resource Management: Manage the budget and resources for the IT Security and GRC department, ensuring effective allocation and utilization to support the organisation's security goals.

  • Continuous Improvement and Ownership: Keep abreast of emerging security trends, platforms, technologies, and threats, and make recommendations for improving the organisation's security posture and GRC framework.
  • Gap Identification and Solution Implementation: Proactively identify gaps in the organisation's IT security and GRC framework by conducting thorough assessments and research. Evaluate, select, and implement appropriate solutions to mitigate these gaps, ensuring seamless integration and ongoing maintenance to strengthen the organisation's security posture and compliance efforts.

  • Ownership and Accountability: Assume full ownership and accountability for the organisation's IT security and GRC programs, ensuring that all initiatives are executed effectively and in accordance with established policies, procedures, and standards. Act as the primary point of contact for all IT security and GRC-related matters, demonstrating a strong commitment to protecting the organisation's digital assets, infrastructure, and information while maintaining compliance with regulatory requirements.
  • Team Management and Leadership: Lead, mentor, and develop a high-performing team of IT security and GRC professionals, fostering a culture of collaboration and excellence.
  • Communication: Able to communicate effectively at various levels of the organisation.

Likely to engage often with the following individuals/groups:

  • Chief Information Officer
  • Executives
  • Departmental Heads
  • Other key external stakeholders

EDUCATION:

MINIMUM QUALIFICATIONS

  • Bachelor's degree in Computer Science, Information Technology, or a related field

DESIRED/ PREFERRED REQUIREMENTS

  • Master's degree
  • CISSP, CISM, CISA

MINIMUM REQUIREMENTS

  • A minimum of 10 years of experience in information security, with at least 5 years in a management/leadership role.
  • A minimum of 7 years of experience in a technical or specialist information security role.

INDUSTRY EXPERIENCE

  • Financial industry preferred
  • Exposure to IT strategic planning and implementation
  • Sourcing and managing suppliers

DESIRED/ PREFERRED REQUIREMENTS

  • In-depth knowledge of IT security principles, best practices, and industry standards, including experience with regulatory compliance (e.g., POPIA, GDPR, HIPAA, ISO
  • Demonstrated ability to manage a team of IT security professionals, and effectively collaborate with stakeholders at all levels of the organisation.