Datafin

Information Security Manager

IT – Infrastructure
Cape Town – Western Cape

ENVIRONMENT:
MANAGE the Information and Cyber Security program, as well as support various infrastructure refresh initiatives of a cutting-edge FinTech company seeking the technical expertise of a highly solutions-driven and strategic-thinking Information Security Manager. This will further include the adoption of cloud technologies, workplace and network modernisation, and outsourcing of specialised functions while you guide business and technology teams in how to ensure the security, integrity, and governance of information assets, ensuring alignment with the Group's overall Information Security vision. The successful incumbent must be CISSP and/or CISM certified with 12+ years relevant Information Security experience, with at least 5 years working at a technical level. You will require experience in cybersecurity architecture design and governance in both data centre and cloud environments, Azure and M365, a solid understanding of cyber controls and/or vendors, specifically SIEM/EDR/NDR/DLP/IAM/PAM, and experience with Risk Management/Control frameworks such as ISO27001 and/or NIST.
 
DUTIES:
  • Develop and maintain the Group's Cyber Security strategy and roadmap.
  • Establish and improve the Information Security Management System (ISMS).
  • Maintain Information Security and Cyber Risk Registers.
  • Develop operational processes and controls and assess their effectiveness in mitigating information and cyber risks.
  • Facilitate the remediation of identified infrastructure and process vulnerabilities.
  • Collaborate with business areas to support data discovery exercises to ensure data governance is matured and maintained.
  • Develop Information Security policies, standards, and guidelines.
  • Develop and ensure secure configuration standards and baselines are adhered to.
  • Ensure Incident Response Plans remain current and effective.
  • Create an information security culture and oversee the awareness training program.
  • Conduct regular and ongoing monitoring and reporting on the Group's compliance with regulatory information security standards, policies, and regulations.
  • Promote security principles in areas such as infrastructure, application, and cloud technologies.
  • Continuously research and assess technologies, vendors, and processes to drive efficiency and inform decisions.
  • Review and manage contracts and agreements with security service vendors.
 
REQUIREMENTS:
Qualifications –
  • Related professional qualification such as CISSP and/or CISM.
 
Experience/Skills –
  • 12+ years relevant Information Security experience, with at least 5 years working at a technical level.
  • Proven experience as an Information Security Officer, Manager and/or Consultant.
  • Experience in cybersecurity architecture design and governance in both data centre and cloud environments.
  • Practical implementation experience in Risk Management/Control frameworks such as ISO27001 and/or NIST.
  • Solid understanding of cyber controls and/or vendors, specifically SIEM/EDR/NDR/DLP/IAM/PAM.
  • Technical security design and integration experience within a large division/organisation.
  • Comprehensive background of Cloud Security Architecture within Azure and M365.
  • Understanding of financial sector regulations and compliance such as POPIA, and their technical application.
 
ATTRIBUTES:
  • Must be assertive with good communication skills at all levels.
  • Excellent communication and relationship building skills.
  • Good documentation and report writing skills.
  • Track record in strategic and operational hands-on management. 
  • Expert problem-solving skills.