Purpose

To implement a comprehensive Information Technology security program with the Information Technology lines of business to protect their applications and supporting infrastructure from both internal and external threats, manage threats and incidents when these materialise, ensure compliance with regulatory requirements regarding Information Technology security, ensure the appropriate use of assets and educate employees about their Information Technology security responsibilities.

Key Responsibilities

• Develop and maintain relationships with key stakeholders to further embed the partnership that exists between IT Security, IT and the business.
• Research and maintain knowledge of the IT threat landscape, security trends, regulatory requirements, new technologies and best practices in order to provide sensible and pragmatic security advice to stakeholders.
• Develop a security assessment schedule across the respective lines of business / business units. Conduct reviews of applications, systems, underlying infrastructure and related processes as per the schedule.
• Establish, maintain and improve logical access management practices for all users (Generic, User, Service and Privileged) by the application of appropriate manual and/or automated processes – in order to provide assurance that the right people have the right level of access to Liberty’s information.
• Implement and validate all aspects of the access management lifecycle, as prescribed by the appropriate policies and standards.

Additional Key Responsibilities

• Develop an awareness and training plan for the line of business that is fit for purpose, aligned with strategy and considers a range of risk data points e.g. audit findings, risk and control self-assessments, IT Security risk assessments, emerging threats and risks, and incidents.
• Create awareness to the IT Executives and broader IT community on the back of new threat and risk intelligence. Proactively create awareness on recurring risk themes.
• Participate in the development of new and the annual review of existing IT Security Policies, Standards and Guidelines by providing input to enhance the quality and completeness of these documents.
• Communicate the requirements for compliance to the IT Security Policies, Standards and Guidelines to the relevant parties within IT.

Minimum Experience

• 3 – 8 years’ experience in a similar environment, of which 5 – 6 years at Technical Level.

Minimum Qualifications

• Degree in Management practices.
• Compulsory – CISSP (Certified Information Systems Security Professional).
• Mandatory –  ISACA CISM (Certified Information Security Manager).