The ISM is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
Development/adoption and enforcement of Information Security Policies, procedures and standards.
Setting out roadmaps and overseeing adoption of regulatory and best-practice information security frameworks, standards and certifications, as set out and agreed with the Chief Information Officer.
Maintain the organisation's Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following:
Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
Personnel Security: Onboarding and offboarding, Access Control, Adds, Moves and Changes, vetting and background check procedures.
Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.
Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.
Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
Maintain the organisation's Security Procedures, which include:
Evaluation and compliance with security measures
Disaster Recovery, Backup and Emergency operating procedures
Security Incident Response and process protocols including Incident Reporting and Sanctions
Testing of security procedures, mechanisms, and measures
REQUIREMENTS
Must have 5 or more years’ experience in a technical field, including at least 6 months in a banking, insurance or financial services organisation.
2 years in an information security related field
An excellent communicator, with the ability to lead and deliver change and contribute to culture change successfully
Excellent verbal and written communication skills
A security and related qualification, such as ISC, SANS, CBCP accreditation (CISSP etc) or equivalent
TO APPLY
Please send CVs to jspence@priconsultants.com
To apply for this job email your details to admin@vacancybox.co.zw