IT Governance and Cybersecurity Manager (CPT/JHB)

IT – Manager
Cape Town – Western Cape ~ Johannesburg – Gauteng

DRIVE the implementation of risk-based IT Governance and Cybersecurity controls while monitoring and reporting on their efficacy as the next IT Governance and Cybersecurity Manager sought by a national provider of Digital Communications. You will be responsible for identifying and promoting ‘best-of-breed’ methods of managing IT and Cybersecurity risk – playing a key influencer role with both business and IT in respect of IT Governance and Cybersecurity and enabling a risk-resilient and flexible IT environment. The successful incumbent will possess a Post-grad Degree in IT/Informatics or IT Risk Management and have 5 years’ suitable work experience, including 2 years’ proven experience managing a team.
  • Drive, review and report on the development and adoption of IT general controls, aligned with international standards.
  • Drive, review and report on the development and implementation of key IT governance policies.
  • Lead the development and adoption of the Information Security strategy and policies, aligned with ISO27001.
  • Drive the implementation of critical information security controls through collaboration with the teams responsible for, amongst others, engineering, infrastructure, product, operations, human resources and facilities. This includes evaluating and recommending new information security technologies and countermeasures against threats to information or privacy.
  • Liaise with any outsourced Cybersecurity providers, including defining and monitoring any SLAs.
  • Review and negotiate cost structures associated with any outsourced Cybersecurity products and services to ensure value for money.
  • Mature preparedness to manage information security threats and minimise the risk of cyber-attacks.
  • Assist with embedding a Cybersecurity-conscious culture.
  • Lead and coordinate responses to client and internal IT audit requests, including coordinating management responses to audit findings.
  • Prepare and present on the Cybersecurity posture in pitches to new or existing clients, as and when required.
  • Lead and coordinate the creation and management of an IT Risk Register.
  • Report on cybersecurity activities, threats and/or actions on a bi-monthly basis in Exco.
  • Manage and review staff reporting to you to ensure maximum effectiveness of the staff members.
  • Provide Cybersecurity input into significant IT projects.
Qualifications –
  • Post-graduate Degree in Information Technology, Informatics or Information Technology Risk Management.
Experience/Skills –
  • At least five (5) years relevant working experience.
  • At least two (2) years’ proven experience of managing a team.
  • Fluent in English.
  • Strong analytical ability.
  • Good interpersonal and communication skills, stress management and the ability to multitask.
  • Ability to communicate technical solutions to business stakeholders.
Advantageous –
  • One or more Certifications in: CISSP, CISA, CISM, CHFI, GISP, GCFA, GCED, GCIA or similar industry standard certifications.
  • 2 – 4 years’ experience in IT-related roles: Security and Technical Services experience required.
  • AWS IT infrastructure and Security tool set experience.
  • Familiarity with system monitoring, assessment and reporting tools (GFI, Nessus, Splunk, Syslog).
  • Experience with common information technologies (Windows, VMware, and Fortinet as well as some UNIX/Linux).
  • Ability to work in independent environments under aggressive timelines.
  • Ability to develop and maintain working relationships in a global environment.
  • Outstanding written skills for preparing reports and briefings.
  • Escalates potential risk and internal control weaknesses to management.
  • Experience with Vulnerability and Malware Analysis (threat and attack analysis).
  • Experience with security tools (EDR, anti-virus, data loss prevention, PAM, database security etc.).
  • Experience working with security governance frameworks (NIST, ISO27001, COBIT). 
  • Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection.