Manager: Information Security Governance, Risk and

Description:

Purpose of the Position:Develop and implement IS and Tech GRC strategy and, manage the end to end governance, risk and compliance function in relation to info sec and provide reports to the CISO and the relevant steering committees.QualificationsUniversity degree in information technology, engineeringProfessional certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and / or Certified Fraud Examiner (CFE) are highly encouraged to apply.ExperienceAt least 5 years of relevant consulting or industry experience, preferably in a professional services environmentAt least 2+ years in managerial roleDuties: Assist the CISO to establish an information security (IS) and tech gov strategy and proactively identify cyber-security threats Implement the information security and tech governance strategy for the group under the guidance of the CISODevelop all information security governance models with supporting documents e.g. policies, processes, standards and guidelines with guidance from the CISO.Consult with relevant stakeholders across the group on development, implementation and enforcement on all aspects of IS governance (policies, standards etc)Manage the end to end governance, risk and compliance in relation to info sec and provide reports to the CISO and the relevant steering committees.Ensure that information security is aligned with COBIT framework and implemented according to agreed maturity levels.Establish an information security risk management strategy and process to report on info sec risks e.g risk acceptance. Regular reporting to the CISO in this regard.Develop threat models for all critical technologies (application and supporting infrastructure).Support the CISO with info security input into the info Security plans.Develop business cases to secure the budget for improvements in the cyber-security maturity.Manage internal ISMS programme and COBIT implementation project and ensure delivery on time and within budgetKeep abreast of emerging technology trends and the implications on information security.