Senior Specialist - IM Security, Risk and Complian

Description:

* Alignment with Group and Industry benchmarking * Responsible for developing, planning, implementing and managing and enterprise-wide information security plans * Collaboration with senior management to continuously improve existing controls and develop effective security practices in Information Management * Liaise between internal and external audit teams * Schedule and launch periodic audit reviews * Develop and train team members and the transfer of knowledge gained through experience * Track and measure the IM risk posture * Liaise between internal and external audit teams * Schedule and launch periodic internal assurance reviews * Plan and oversee risk mitigation and remediation projects * Develop and train team members and the transfer of knowledge gained through experience * Develop and deliver risk awareness training for key staff and stakeholders * Alignment with Group and Industry benchmarking * Coordinate Sarbanes Oxley testing across all Business units for Information Management Qualifications * B-Degree (NQF 6/8 or NQF 7/10) or M-Dip (NQF 7/8 or NQF 8/10) * Security, Risk & Compliance and related certifications, including: CISA, CRISC, COBIT, ITIL will be advantageous * Membership to professional bodies such as ISACA, (ISC)2 will be advantageous Experience & Requirements * 6 years relevant Information Management (IM) Security, Risk and Compliance domain * Proven experience in planning, organising, and developing IT security system technologies * Conducting and coordination of IT audits * Experience in planning and executing security policies and standards development * Project management experience * Exposure to CAPEX and OPEX budget control * Stake Holder and Vendor Management * Information Technology General Controls (ITGC) and Sarbanes Oxley testing experience * Experience in IM Governance, Risk and Compliance * Experience in vulnerability management process * Proven experience in audit of legislative and/or regulatory compliance * Working knowledge of security tools (i.e. DarkTrace, Tenable.IO, antimalware, IPS, DLP) * Knowledge of IT Security Baseline Controls * Development and delivery of Security Awareness Training program * Information Security, policies, procedures and standards, physical security and network security * Network, databases, systems and/or Web operations * Knowledge / application of COBIT (IT Governance) * Knowledge in ITIL (IT service management) and or * Project management * Basic understanding of King IV * Relevant Security and Privacy frameworks e.g. ISO27001/2, NIST 800 series * Knowledge and understanding of cloud computing * Risk management frameworks * Knowledge and understanding of business continuity and disaster recovery * Legislation such as GDPR, ECT, POPIA, Cyber Crime bill, etc. *Personal attributes* * Demonstrates persistence and overcomes obstacles * Mature personality with hig