Manager – Information Security & Risk (Pinelands) needed at Western Cape Blood Service

Description

• The Western Cape Blood Service is a non-profit organisation whose mission is to collect, process and distribute blood and blood products of the highest standards in the Western Cape.
• Reporting to the Head – IT, a vacancy exists for an Information Security & Risk Manager (Paterson Grade C5). The ISRM is an exciting leadership role that requires an individual with a strong technical background and 3 – 5 years security experience, as well as an ability to work with the IT organization and business management, to further develop and manage the Information Security program.

Purpose of the Job

• To maintain the organisation wide information security management program and ensure that information assets are adequately protected. This role is responsible for identifying, evaluating, mitigating and reporting on information security risks and the application of security controls that serve to protect our assets.

Key Responsibilities:

• Develop and maintain information security standards and procedures
• Implement ISO27001 in WCBS
• Provide recommendations for security solutions or enhancements to existing controls
• Plan, implement and report on improvements to the security environment
• Monitor all security solutions for efficient and appropriate operations
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
• Perform regular Identity & Access Management and security access reviews
• Schedule security assessments and evaluate and analyse threats, vulnerability, impact and risk of security issues discovered
• Conduct risk assessments on operations and projects and verify that information security requirements are effectively addressed
• Develop and maintain Response Plans for InfoSec Incidents, POPIA breaches, etc
• Develop and maintain Information Security related policies
• Provide support and guidance for legal and regulatory compliance efforts
• Coordinate, assist and guide the disaster recovery planning team in the selection of recovery strategies
• Develop and manage the annual IT Information Security budget
• Build and manage a security information awareness program
• Apply required measures to ensure that WCBS’s Information and Cyber Security controls and associated processes are effective

Requirements
Minimum Requirements and Responsibilities

• National Diploma / Degree in Computer Science
• Information Security certification(s) such as CASP, SSCP, CISSP, CISM, CRISC
• ITIL Certification
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff
• The ability to build strong relationships at all levels and across all business units and understand business imperatives
• A strong understanding of the business impact of security tools, technologies and policies
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
• Strong analytical skills to analyse security requirements and relate them to appropriate security controls
• Experience developing and maintaining policies, procedures, standards and guidelines
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x and National Institute of Standards & Technology (NIST) Cyber-Security Framework
• Familiarity with applicable legal and regulatory requirements, including, but not limited to Protection of Personal Information Act and the Cybercrimes Act