Head Of Information Security

*Reference: NWB-KMa-1*A leading group in the Financial Service sector with a global footprint. The company is vibrant, successful and values orientated with an awesome dynamic culture.*Job & Company Description:* As the Head of Information Security, you will be responsible for but not limited to the below: Leadership, management and mentoring of the Information security area and its respective teams. The maintenance and maturing of the security operating model and its underpinning processes and practices. Responsible for defining, prioritising and driving the overarching yearly Cyber Security plan as well as the supporting plans, e.g. security pen test and security awareness programs. Driving the operational effectiveness and application of the Group Cyber Security framework for OUTsurance. The development and maintenance of security standards, guidance and playbooks. Accountable for the effective and reliable identification, detection and resolution of Cyber security incidents. Accountable for preparation of the quarterly Cyber Security Forum presentations as well as chairing the Forum. Working together with the relevant teams to complete questionnaires, assessments and impact studies related to requests from e.g. the Regulator & Group Cyber benchmarking assessments. Responsible for managing and monitoring third parties supplying Cyber security solutions and services. The measurement and reporting on the efficiency and effectiveness of cyber security controls. The identification and monitoring of environmental, threat, and technology trends to optimise the effective short- and medium-term deployment of cyber security controls, contributing to the strategic security roadmap *Competencies: * The successful individual would need to demonstrate the below listed competencies at an advanced level: 'Can do' attitude, comfortable dealing with ambiguity, resilient, strong team player, committed to continuous improvement Very strong interpersonal skills and the ability to build relationships Problem-solving with strong decision-making mind-set Takes initiative and works under own direction Engages professionally Adapts and responds positively to change The ability to multitask and handle stress to meet project deadlines Enthusiasm, energy, determination, and a passion for improving client experience through digital platforms Works meticulously always demonstrating a very high level of attention to detail The ability to multitask and handle stress Strong problem-solving skills and willingness to roll up ones sleeves to get the job Excellent written and verbal communication skills Ability to communicate effectively with management * * * * *Qualifications* * * *Qualifications and experience*: 9 years experience in Cyber Security of which at least 5 years shouldve been in leading technical and operational security functions and teams. Strong security and technical background. Practical experience to implement industry best practices and frameworks. Strong people skills and experience of building, managing and upskilling teams of specialists to meet the objectives of the Cyber security plan. Work closely with the IT Risk Team to ensure Cyber risks are captured & maintained in line with the Group Risk Management framework. Relevant security accreditation and certifications, e.g. CISSP, CISM, CISA, CCSP. Your technical background should cover a wide spectrum of security engineering and operational security skill sets. This must include but is not limited to experience (preferably hands on and technical experience) in the following areas: *Cyber Engineering*: including gateway firewalls, Web Application Firewalls (WAFs), MFA, Internet proxies and security architecture & design. *Offensive Security*: Infrastructure, internal, external, web, mobile, API and cloud pen testing. o *Application Security*: Secure coding solutions, training and awareness on secure coding best practices. o *Defensive Security*: Cyber incident response & management, including incident breach simulations. o *Cyber Operations*: Endpoint security (e.g. security client maintenance & endpoint hardening), Vulnerability management, EDR management, log retention strategy & implementation. *Cyber Governance*: Data loss prevention, maintain & expand Cyber security metrics, 3rd party security assessments, drafting new & expanding existing cyber policies & procedures. *Apply now! * For more IT jobs, please visit ( If you have not had any response in two weeks, please consider the vacancy application unsuccessful. Your profile will be kept on our database for any other suitable roles / positions. For more information contact: Thapelo Mofokeng Recruitment Consultant R -
Johannesburg, GT, ZA