What will you do?
- Develop and enhance the information security management framework and IT risk management programme so that it meets Mainstream's compliance and regulatory requirements.
- Lead strategic security planning in support of business goals: prioritise cyber-defence strengthening initiatives and coordinate the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
- Perform security audits and cyber security risk assessments.
- Define corporate security plans, procedures, policies, and standards for acquiring, implementing, and operating new security systems and other technologies, and ensure these are communicated appropriately to leadership teams, colleagues, JVs, customers, and external stakeholders. Define and coordinate the monitoring and verification activities that ensure IT systems are developed, operated, and maintained in line with security policies and that cybersecurity issues are detected early.
- Lead the development, testing, and maintenance of cybersecurity incident response processes. Define the scope for security testing and vulnerability assessments and coordinate these.
- Accountable for retaining ISO 27001 Information Security certification and for expanding its scope to additional locations.
- Collaborate with Data Protection committee and HR to establish and maintain a system for ensuring that security and privacy policies are adhered to and designed to prevent personal data breaches. Recommend and implement changes in security policies and practices in accordance with changes in applicable data protection laws in all Mainstream jurisdictions.
- Develop and report on cybersecurity KPIs, including SLA/uptime for all IT infrastructure, vulnerability assessments (e.g. penetration testing), security training, and security events.
- Accountable for running bi-annual Disaster Recovery Testing. Assist with business continuity plans, procedures, audits, and enhancements ensuring that IT requirements are included and tested in these.
- Keep informed of trends and issues in the security industry, including current and emerging technologies and their costs. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
What do we require?
- Proven experience in planning, organising, and developing IT security solutions.
- Experience in cybersecurity risk assessments, threat modelling and mitigation, planning and executing security policies, and security standards development.
- Excellent knowledge of technology environments, including information security, physical security, and defence solutions.
- Certification in cyber security and/or information security.
- Good understanding of, or experience of implementing: firewalls and firewall management; intrusion detection and prevention systems; content filtering; data leak prevention; the vulnerability management lifecycle; identity and access management solutions; security information and event management (SIEM); and security operations centres.
- Excellent understanding of project management principles.
- Good understanding of the organisation’s goals, objectives, and cybersecurity threat landscape.
- Demonstrated ability to appropriately apply IT in solving security problems.
- In-depth knowledge of applicable laws and regulations as they relate to security and data protection.
- Proven leadership and management ability.