Function Specialist: Info & Cyber Mngt

Transnet SOC Ltd


Date: 1 day ago
City: Johannesburg, Gauteng
Contract type: Full time
To ensure that Transnet Freight Rail’s (TFR) business environment is safe, secure, reliable and resilient through provision of capabilities designed to protect technology, information assets and infrastructure resources by:

Ensuring strategic alignment of information and cyber security in support of business objectives; ensuring availability, confidentiality, integrity, auditability of the TFR’s information systems; ensuring conformity of applicable laws, regulations and standards as well as preventing non repudiation of computer based activities mechanisms. Assisting the business with the selection and implementation of these solutions.

Position Outputs

Strategy
  • Lead the design, development and implementation of Information and Cyber Security Strategy for TFR Operations Technology and Business Systems, Platforms and Infrastructure environment in line with Group ICT Information and Cyber Security Strategy
  • Lead the design, establishment and implementation of Cyber Security Operations Centre Capabilities designed to ensure monitoring of TFR environment and responsiveness to threats and vulnerabilities identified before an incident occurs.
  • Align and oversee that all security requirements are met during the IT Strategic Roadmap implementation.
  • Ensure IT strategies and roadmap initiatives support and are aligned to the security frameworks and policies in place.
  • Ensure enterprise Information Security Architecture is aligned with IT Strategic Roadmap.
  • Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders

Information and Cyber Security Management
  • Design, develop and implement information and cyber security framework that adequately addresses the key cyber pillars of Identify, Protect, Detect, Respond and Recover in line with best practice frameworks such as COBIT, NIST, ISO and SABSA / TOGAF.
  • Oversee and direct information and cyber security activities to execute the information security programme.
  • Lead the TFR IT security team: plan, organize, assign, supervise and monitor the work of team members
  • Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the TFR’s information security policies.
  • Ensure that services provided by other enterprises, including outsourced providers are consistent with established information security policies.
  • Define and maintain the security frameworks for Information Security Architecture, Information Security Management and Information Security Technical Operations.
  • Establish constant vigilance over critical information assets.
  • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Manage the administration of the facility’s security systems and their corresponding equipment or software, including fire alarms, locks, intruder detection systems, sprinkler systems, and anti-theft measures.
  • Support CIO by managing the IT security architecture through effective information security management and technical security operations functions.
  • Establish, control and manage effective mechanisms for resolving all Information security breaches and challenges for TFR.
  • Ensure effective management of access to information.
  • Ensure effective information security architectures supported by management and technical operations functions.
  • Ensure a formal set of processes are in place by which TFR can identify various IT security concerns, gaps and remedial actions to ensure the security of IT operations.
  • Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies

Policies and Procedures
  • Ensure effective IT security frameworks, policies and procedures are in place and updated when necessary.
  • Ensure security policies/procedures are defined and implemented across business units and processes.
  • Provide Management Information/Reports to the CIO and Business, where necessary, on the status of Information Security and relevant information.

Reporting
  • Management and Reporting on information security, cyber breaches and risk mitigation.
  • Create a culture of high performance, value-for-money, optimisation and innovation in Information and Cyber Security function and manage performance of the team effectively.

People Management
  • Plan, organise, lead and control subordinates' activities to ensure sub-functional objectives are met or exceeded.
  • Manage people development initiatives, succession planning, talent management and performance management to meet functional performance standards.
  • Coach team and create a pro-learning environment. Assess team development needs and close gaps.
  • Provide technical / professional support to internal and external stakeholders to ensure achievement of functional and organisational objectives.

Stakeholder Management
  • Build, support and maintain healthy, diverse internal and external relationships (government, authorities and agencies) to ensure achievement of organisational goals. Implement remedial actions where required.

Governance / Compliance / Risk
  • Monitor and ensure adherence to statutory regulations, organisational standards, policies and procedures.
  • Ensure remedial actions are implemented timeously to address non-conformances.
  • Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
  • Identify current and potential legal and regulatory issues affecting information and cyber security and assess their impact on the TFR business and operations.
  • Establish and maintain information security policies that support business goals and objectives.
  • Identify and manage information security risks to achieve business objectives:
  • Develop systematic, analytical and continuous risk management process.
  • Ensure that risk identification, analysis and mitigation activities are integrated in projects and processes life cycle.
  • Identify and analyze risks through suitable and recommended methods
  • Ensure effective and regular communication of new statutory regulations, organisational standards, policies and procedures to ensure full awareness amongst stakeholders.

Financial Management
  • Develop and manage OPEX budget.
  • Track and monitor expenditure.
  • Provide input into ICT overall budget including CAPEX

Information and Cyber Security Programme Management
  • Design, develop and implement execution of the information and cyber security programme in line with the ICS Strategy and Roadmap
  • Establish and maintain plans to implement the information and cyber security governance framework.
  • Design, develop and implement information and cyber security awareness mindset and culture to ensure that business users are vigilant and cyber threat aware.
  • Define annual information security budget and obtain Information Security Steering Committee approval.
  • Establish and manage capability to respond to and recover from disruptive and destructive information systems events:
  • Design, elaborate and implement processes for detecting, identifying and analyzing security related events.
  • Develop response and recovery plans including organizing, training, and equipping teams.
  • Ensure periodic testing of the response and recovery plans where appropriate.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.

Response Management
  • Design, develop, coordinate, maintain and supervise implementation of Information and Cyber Security Response Plans in case of Cyber Security Incident.
  • Develop response and recovery plans including organizing, training, and equipping teams.
  • Establish and manage capability to respond to and recover from disruptive and destructive information systems events:
  • Design, elaborate and implement processes for detecting, identifying and analyzing security related events.
  • Ensure periodic testing of the response and recovery plans where appropriate.

Qualifications and Experience

  • Bachelor’s Degree or Equivalent qualification in Information Technology and/or Computer Science
  • Post-Graduate qualification an added advantage

Certifications (at least one of the certificates issued by a recognized professional organization)
  • A Certified Information System Security Professional (CISSP) and/or
  • Certified Information Security Manager (CISM) and/or equivalent certification from a recognised professional organisation is required.
  • Minimum 8 - 10 years’ experience in Information and Cyber Security Discipline within IT and business/industry work experience including design and deployment of Information and Cyber security programmes, Cyber Tools lifecycle management in line with Information and Cyber Security Architecture Strategy and Roadmap. At least 3 years of experience must be in a leadership position managing multiple, large, cross-functional teams or projects, and influencing senior level management and key stakeholders
  • Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19
  • Must undergo Lifestyle Audit

General:
  • Valid Driver’s License Code ‘08
  • Willing to Travel

Competencies

Core Competencies
  • Strategy and sustainability
  • Business performance and delivery
  • Relationship management
  • Corporate governance and compliance
  • Personal mastery

Knowledge:
  • Working knowledge of the Transport industries will be added advantage
  • Understanding of Technology Trends and an appreciation of the dynamics of the public sector
  • Excellent strategic and tactical planning capabilities in Information and Cyber Security management
  • Strong knowledge of IT Strategy and Enterprise Security disciplines (including information / data architecture, security frameworks and data protection laws and regulations)
  • Strong knowledge of general business processes, organisational security and technical security processes

Equity Statement

Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.