IT Security Manager

Main Purpose of the role is to manage and deliver information security operational tasks which assess and monitor the security of applications infrastructure data and overall health of the Company IT Security landscape.

Minimum Requirements:
•Grade 12/Matric or Senior Certificate
•Relevant IT Qualification
•CISSP/CISMA/CISA Certification
•5 Years relevant experience within information security
•Management Experience
•Experience in monitoring security applications infrastructure and data
•Developing and implementing security policies
•Monitor and manage cyber / information security compliance initiatives
•Engage with infrastructures such as storage firewalls networks windows and linux systems

Job Specification:
IT Security Management:
•Develop and implement information security policies procedures and ensure that the security strategies are applied to eliminate security risk for the organisation.
•Align standards frameworks and security with overall business and technology strategy and industry best practice
•Analyse and define security risks to design possible mitigation actions such as performing assessment and diagnostics of security risks.
•Document all the security policies and to promote activities and procedures to create a general awareness about the significance of
•security within the organisation.
•Maintain Security by monitoring the collective Security environment identifying gaps evaluating and implementing enhancements
•Analyse and review ongoing information security plans on the systems throughout the entire network of the organisation.
•Monitor the internal controlling systems to ensure its accessibility whenever it is required by the users.
•Assist with vulnerability assessments and remediation on missioncritical systems.
•Input into the design and implementation of standards policies guidelines and appropriate architectural principles to ensure the company’s cyber security goals continue to be met.
•Reviews IPS security and audit logs (system/application) weekly.
•Manage server desktop and application patch management to ensure highest level of security on all critical systems.
•Define and implement security baseline configurations for components servers and applications.
•Create technical standards to guide engineering teams on installation and configuration of new technologies that adopt best practices and are inline with existing policies and standards.
•Develop and enhance an information security management framework (POPIA ISO 27001 CIS Top 18 PCI/DSS and NIST).
•Define and facilitate the information security risk assessment process including reporting and overseeing treatment efforts to address negative findings.
•Conduct security due diligence for 3rd party acquisitions and partnerships.
•Direct and oversee compliance audits and assessments.
•Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.

IT Security & Compliance:
•Manage and maintain system endpoint protection software.
•Monitor and manager Cyber/Information Security Compliance initiatives and flag any potential risks to the business. Oversee the management of PCI compliance and ITCG related tasks.
•Monitor all Internet email and security systems and Identify investigate or resolve security breaches.
•Design security awareness programmes and develop training material and phishing campaigns.
•Implement Active Directory organizational unit (OU) structure and Group Policy Objects (GPO’s) to manage security policies for computers and users.
•Maintain enduser status updates on transfer terminations and leave of absence etc.
•Ensure that red team exercises are conducted regular vulnerability scans are performed scan results are highlighted reports are
•generated on the scans and remedial action is ensured where deviations are identified.
•Supports realtime monitoring and mitigation of security events. (SOC).

Reporting and Administration:
•Maintain accurate record off all relevant IT activities.
•Provide regular feedback and recommendations to management on all projects and daily functions.
•Provide monthly metrics reports for security infrastructure and account status.
•Review alerts and data from sensors and document formal technical incident reports.
•Assist the auditors (internal and external) with auditrelated documents.
•Manage VPN user account administration and Enterprise Mobility.
•Ensure all internal customer request and queries are adhered to within a reasonably expectable timeframe.
•Ensure internal customers receive accurate feedback regarding IT matters.
•Stakeholder Partnerships
•Engage with infrastructures such as; Storage Firewalls Networks and Windows and Linux systems. This role also includes add PCI and ITCG tasks.
•Collaborate with Head of Infrastructure and Security and senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery.
•Advise IT Managers on possible preventative measures which could be taken to reduce risk of intrusion.

Team Management:

•Implement department strategy by setting annual objectives for the IT Security teams and tracking progress.
•Facilitate the creation of accountable full service teams who understand and strive to meet the needs of all stakeholders through effective inspirational leadership.
•Drive performance management of all direct reports motivate and manage them in relation to quality standards and agreed benchmarks and objectives focusing on all aspects of sound people management.
•Ensure appropriate skilled resources are in place to meet

Competencies:
•Understanding of Security principles such as Confidentiality Integrity and Availability. Network security (e.g. SSL HTTP DNS SMTP IPSec) and encryption techniques. Understanding of ITIL concepts. Investigation and remediation of security incidents i.e. understanding of associated processes and reporting.
•Approach problems in a rational intellectual manner. Will base decisions on a logical analysis of available evidence. Managing and executing processes of a project including time cost quality change risks and issues.
•The exchange of information or services among individuals groups or institutions; specifically the cultivation of productive relationships for employment or business ties in with entrepreneurship.
•Acts as a role model to others and talks to others about the need for high standards and quality. Develops systems and procedures to manage data and info and shares these with others.
•Reaches deals or compromises. Formally delivers information to groups.
•Using data in the form of numbers to analyse concepts. Leads the development and integration of campaign plans across multiple disciplines within the organisations to gain greater efficiencies and success.
•Enforces governmental laws rules and regulations and initiates enforcement actions in a way that the public perceives as fair objective and reasonable. Enables cooperative and productive group interactions.
•Deadline orientated and good time management skills. Proactive and be able to resolve problems and queries independently. Working under pressure. Accountability & Dependability. Maintains composure in highly stressful or adverse situations. Displays emotional resilience and the ability to withstand pressure on an ongoing basis. Seeks support from others when necessary and uses appropriate coping techniques.