PermanentJob for Information Security Risk Lead Wanted
Job for Information Security Risk Lead Wanted
Job Type: Permanent
Company/Employer: SOL_Governance, Risk and Compliance – Johannesburg
Job Title: Job for Information Security Risk Lead Wanted
IQbusiness is the largest independent management and technology consulting firm in Africa.
We are looking for someone to join our Governance, Risk and Compliance (GRC) team as the IT Governance, Compliance and Information Security Risk Lead.
In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. IQ’s GRC division advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology, and operations.
Our clients are our priority. A one size fits all approach does not work for us. We provide our clients with solutions tailored to their specific needs, using tried and tested methodologies and best practices in the industry. We are looking for a dynamic Self-starter, passionate about making a positive impact to our clients by delivering cutting edge solutions, through a robust delivery approach.
To lead the IT Governance and Information Security Risk stream within the GRC line of business. Core responsibilities will be to establish and maintain a framework that provides clients with resilient risk, governance, compliance and information security strategies that support sustainable business growth. These strategies need to be aligned with applicable regulations and standards, adhere to relevant frameworks, policies and internal controls and outline the necessary roles and responsibilities to manage identified risks. The position will provide leadership in IT governance, compliance, risk management and project management. The individual must be well versed in Information systems and technology.
- Computer Science or Information Technology Degree or equivalent
- Project Management, Governance and Risk Management qualifications
- The following certifications or equivalent would be advantageous:
- Technology GRC Certifications such as CGEIT or COBIT
- Information Security Management Certifications such as CISSP, CISM, or CCISO
- Privacy Certifications such as CDPSE or CIPP/CIPM/CIPT
- Risk Management and Audit Certifications such as CRISC, CISA or CRM
- Additional compliance and regulatory certifications such as ISO 27001 / 27002 would put the candidate in good standing
- Framework Certifications such as ISO 27001 Implementer/Auditor
- IT Security Governance, IT Compliance, IT Audit, Risk Management and Cybersecurity management knowledge is mandatory.
- Regulatory requirements, standards, policies and procedures applicable to information technology and information security management.
- Sound understanding of ISO security standards
- Knowledge of familiar IT Infrastructure Management frameworks including ITIL, COBIT and TOGAF.
- Information systems auditing, monitoring, controlling, and assessment processes.
- Risk assessment and management methodologies.
- Knowledge of cyber and cloud security standard governance frameworks, risk strategies, architecture, design, operations, controls, technology, solutions, and services will be advantageous.
Experience & Skills:
- Minimum 8-10 years proven track record in IT Security and GRC
- 2-3years experience in the management consulting business or a strategic role
- 3 – 5 years in a senior leadership role, managing and growing a team within the IT Security and GRC domains.
- Developing and implementing governance, risk, and compliance frameworks, policies, strategies and solutions.
- Reporting on GRC and security in an organisation.
- Embedment of Technology and Information related compliance practices.
- Updating compliance to the IT regulatory landscape.
- Project management and planning.
- Developing IT security teams and strategies.
- Incident response management and disaster recovery experience would be beneficial.
- Troubleshooting and operating a computer and various software packages.
- Privacy Management & Compliance.
- Cyber Security Risk management and assessments.
- Third Party Risk Management, vendor assessments and oversight.
- Strong vendor management and partner relationship skills.
- Communicate technical issues to diverse audiences, both in writing and verbally.
- Investigate and analyse data to identify gaps and problem solve.
- Research best practices and apply new technologies to solve complex problems.
- Adapt to changes easily and update project plans and materials appropriately.
- Handle sensitive, confidential and private information appropriately.
- Understand complex client requirements and develop fit for purpose solutions.
- Manage relationships with a broad range of stakeholders.
- Provide quality service in pressured environments.
- Prioritise multiple tasks, work well in a team and independently, and delegate effectively.
- Pay attention to detail.
- Lead GRC’s approach to IT Security Risk Management, Governance and Compliance.
- Develop a team of IT Governance and Risk Compliance specialists to deliver on client projects.
- Provide advisory and monitoring assistance to GRC clients to enable them to develop resilience in their IT environments.
- Review, develop and implement IT Security organisational structures and technology, and governance, risk and compliance frameworks, charters, policies, and strategies.
- Perform IT Audits, develop comprehensive IT risk registers and remediate risk issues.
- Research and apply the necessary Technology and Security tools, standards, and regulations to solve problems for clients.
- Conduct independent security controls assessments of information security capabilities in line with relevant regulations and standards such as ISO 27001 and Cybersecurity frameworks such as NIST, CSF AND CIS.
- Ensure relevant security service-level agreements are in place.
- Develop cloud risk strategies, policies and frameworks.
- Perform IT security risk and vulnerability assessments.
- Implement, assess and test security controls and report on them to key stakeholders.
- Identify and eliminate process inefficiencies and develop automated risk, governance and compliance solutions.
- Develop reporting processes for IT Risk Management, Compliance, Governance and Information Security functions.
- Develop partnerships and collaborate with solution providers in the IT Risk Management, Compliance, Governance and Information Security domains.
- Provide thought leadership in the areas of IT Risk Management, Compliance, Governance and Information Security.
- Maintain, review and assure IT Governance maturity and standards in organisations.
- Provide training on Governance, Compliance, IT Risk and Information Security principles.
127 total views, 1 today