Information Security Manager - Umhlanga, South Africa - iKhokha

iKhokha
Umhlanga, South Africa

1 week ago

Posted by: Thabo Mthembu (beBee Recruiter)


Description
Company Description

iKhokha is one of the fastest-growing fintech companies in Africa. As you'd expect, our pace is fast-moving and ever-changing. We like it that way.
Our office is a high-performance environment where we push each other to challenge the status quo. If that doesn't appeal to you, you probably shouldn't work here.


Job Description:

We're on the lookout for an experienced Information Security Maestro to join our crew. Your mission? To shield our digital kingdom, create ingenious security strategies, and be the guardian of our data realm.


Purpose of the Role:

To actively protect the organization's assets, data, cryptographic tools (including encryption keys) and information systems from threats. These threats could compromise essential operational data, IT infrastructure, compliance posture and sensitive merchant or employee data.


The role also involves continually achieving various attestations of compliance (AoC) from regulatory authorities, including but not limited to the Payment Card Industry (PCI) and VISA, while maintaining best practice in accordance with regulatory authorities such as, but not limited to, the POPI Act.


The Deal Breakers:

  • 7+ years' experience as an ISO
  • 7+ years' experience in PCI Data security standards
  • 7+ years' experience in PCI PIN and Key encryption and management of keys
  • 3+ years' experience in POPIA compliance

What does the role entail? (Areas of responsibilities):

Information Security

  • Manage, monitor, and report on the Network Operation Centre (NOC) and Security Operation Centre (SOC).
  • Head major investigations and responses to critical events that impact the organisation.
  • Manage the selection, testing, deployment and maintenance of security-related software products and tools.
  • Software Change Request (SCR) and Network Change Request (NCR) approval.
  • Develop, implement, and amend processes, procedures, and policies to ensure correct and secure usage of all Information Security systems.

Compliance and best practice requirements

  • Assess risk and conduct root cause analysis to recommend, implement and/or design new features and functionalities to support payments & information security compliance initiatives.
  • Manage implementation of any new payments & information security compliance requirements for existing or new needs.
  • Manage all evidence collection activities relating to payments & information security compliance.
  • Coordinate with all business units and the enterprise to obtain and validate evidence required for payments & information security compliance and assessments.
  • Incrementally improve the evidence collection process and streamline evidence collection procedures.
  • Regularly communicate PCI DSS, PCI PIN, PCI MPOC and POPI requirements and the status of PCI DSS, PCI PIN, PCI MPOC and POPI compliance to related business units and Exco.
  • Communicate regularly with assessors and adjust the payments & security compliance program as needed.
  • Coordinate with company and vendor SMEs to ensure adherence to program requirements.
  • Manage the relationship between payments & security compliance needs and the needs of the Product team.
  • Challenge and validate assessment decisions from both internal business units and external partners/vendors.
  • Build and manage an ongoing Cybersecurity awareness training program to cater for various business units' compliance requirements.
  • Develop, implement, and amend processes, procedures, and policies to ensure compliance and best practice are reached and maintained.

Physical Security

  • Develop, implement, and amend policies to ensure the physical safety of all visitors, employees, and customers.
  • Safeguard the property and assets of the organization (i.e., equipment, stock, building, storage).
  • Monitor the correct implementation of the organization's security equipment and protocols
  • Alarm system, CCTV, access control, access rights and time zones, arming and disarming of alarm system, alarm activations and armed responses.
  • Simulate security breaches to test the infrastructure, policies and procedures and provide remedies for any shortfalls.
  • Manage the selection, testing, deployment and maintenance of security hardware and software products as well as outsourced arrangements.
  • Take appropriate actions to ensure staff are properly trained on security and security systems and informed on compliance requirements while being well equipped to manage potential issues or breaches.

Information Technologies

  • Manage the selection, testing, deployment, and maintenance of Information Technologies related software products and tools.
  • Develop, implement, and amend policies, processes, and procedures to enable business needs and to ensure Information Technology systems and tools are handled and used in a compliant, best-practice manner.
  • Approve user access rights to Information technologies related software products, tools, services, and sensiti
