the Senior Information Security Officer plays a major role in the teams security compliance related activities and responsibilities as listed below. Reporting to the Information Security Manager, The Senior InfoSec Officer is responsible for maintaining a corporate wide information security management program to ensure that information assets are adequately protected. Working under the direction of the ISM, This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
Duties And Responsibilities
- Enforcement of Information Security Policies, procedures and standards
- Maintain the organisations Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following:
- Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
- Personnel Security: Onboarding and offboarding, Access Control, Adds Moves and Changes, vetting and background check procedures.
- Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.
- Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.
- Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Maintain the organisations Security Procedures, that include:
- Evaluation and compliance with security measures
- Disaster Recovery, Backup and Emergency operating procedures
- Security Incident Response and process protocols including Incident Reporting and Sanctions
- Testing of security procedures, mechanisms, and measures.
- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted customer data and protect against reasonably anticipated threats and hazards.
- Oversee the on-going security monitoring of organisation information systems including:
- Assess information security risk periodically
- Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
- Evaluate and recommend new information security technologies and counter-measures against threats to information or privacy.
- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
- Reporting and enforcement of non-compliance matters – working in conjunction Human Resources and other stakeholders to ensure non-compliance is responded to in a manner that complies with company policy, regulatory, contractual and legal requirements.
- As a senior member of the Information Security Team, you will also participate in a range of analytical and technical tasks as a remit of the team, including:
- monitor for attacks, intrusions and unusual, unauthorised, or illegal activity
- participating in the testing and evaluation of security products
- design new security systems or upgrade existing ones
- use analytical tools to determine emerging threat patterns and vulnerabilities
- engage in 'ethical hacking', for example, simulating security breaches and overseeing penetration testing
- identify potential weaknesses and implement measures, such as firewalls and encryption
- investigate security alerts and provide incident response
- monitor identity and access management, including monitoring for abuse of permissions by authorised system users
- own and maintain an information security risk register and act as the primary stakeholder with internal and external audits relating to information security
- monitor and respond to 'phishing' emails and 'pharming' activity
- planning for, and overseeing the rehearsal/testing of Disaster Recovery
- liaise with stakeholders in relation to cyber security issues and provide future recommendations.
Qualifications And Experience
The Postholder will be expected to operate confidently with a high degree of autonomy, able to act independently with minimal oversight from the business.
Candidates should possess the following skills:
- 5 or more years’ experience in a technical field, including at least 6 months in a banking, insurance, or financial services organisation.
- 2 years in an information security related field
- An excellent communicator – an ability to lead and deliver change and contribute to culture change successfully
- Excellent verbal and written communication skills
- A security related qualification such as ISC, SANS, CBCP accreditation or equivalent
- A passionate interest in information security related topics
- excellent attention to detail, analytical skills and an ability to analyse complex technical information in order to identify patterns and trends
- an ability to work under pressure, particularly when dealing with threats and at times of high demand.
- A strong competency using standard analytical techniques, data mining and analysis tools (basic tools such as Sed/Grep through to advanced AI and SIEM platforms)
- Have an excellent working knowledge of PCI-DSS, ISO 27001, and supporting best practice guidelines such as NIST SP 800 and CSCS
- keep up to date with the latest security and technology developments
- research/evaluate emerging cyber security threats and ways to manage them
- documentation and report writing skills, including:
- ability to generate reports for both technical and non-technical staff and stakeholders
- ability to assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- ability to provide advice and guidance to staff from a variety of backgrounds on information security related issues.
- time-management, project management and organisational skills to manage a variety of tasks, prioritise workloads and meet deadlines.
- excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security
- an understanding of the cyber security risks associated with various technologies and ways to manage them
- an applied working knowledge of various security technologies such as network and application firewalls, host intrusion prevention/detection and anti-virus
- the ability to work as part of a team and to build strong relationships with staff and other relevant individuals.
This position is a permanent, full time position based in our offices in Harare, Zimbabwe. Please ensure you are eligible to live and work in that location before applying. We're looking for the best technical skills in the country and offer a package unrivalled to attract the very best.
How To Apply