Capricorn Group is recruiting a Chief Information Security Officer (m/f), to be based in Windhoek, Namibia.
Description
- The role of the Chief Information Security Officer is to provide strategic leadership of the information security function, enabling a capability for managing the confidentiality, integrity, and availability-related risks that could affect the company's information assets negatively beyond acceptable tolerance levels. The role is responsible to ensure that the company's information security efforts are consistent within the company's Risk, Internal Control and Assurance Framework (RICAF), information security mandate, objectives and target operating model, and ultimately the company's strategic objective and capability model. The role may require carrying out any other appropriate activity that is necessary to fulfill the mandate of the Information Security Office
Duties
- Organizational Structure:
- Design an appropriate structure to facilitate the identification and management of information security risks, which should include a plan for communication across functions
- Facilitate communication across functions on emerging information security risks
- Design & Oversee the implementation of the IS management system:
- Design an appropriate information security strategy
- Drive & coordinate the implementation of the relevant framework & policies
- Report on results (Information)
- Asset Management:
- Oversee the implementation of risk mitigation plans
- Coordinate the design and execution of security awareness training across the Group and monitor the success thereof
- Risk Management:
- Drive the identification, assessment, mitigation, and monitoring of risks related to information security, i.e. be the central point of contact for information security risk management
- Direct information security incident management processes and procedures
- Monitor and report on incidents
- Perform the Group Principal Risk Owner role for Information Security
Report on significant risks
- Cyber Threat Management:
- Prepare the group for the possibility of an attack, catastrophic event, or related incident affecting the security of information
- Participate in the information Security Incident Management process for high-profile incidents
- Monitor the post-incident review stage for the identification of improvement initiatives
- Monitor the frequency and cost of information security incidents in the improvement of current and future risk assessments
- Report on emerging cyber threats and any significant cyber incidents within the Group or industry
- Compliance Management:
- Identify & oversee the implementation of new or changed information security compliance standards
- Oversee the compliance program in relation to relevant information security requirements
- Report on Compliance management
- Policies and Procedures:
- Set a Framework for the development, implementation, and maintenance of appropriate policies and procedures that document practical, repeatable, and defined processes to mitigate risks
- Monitor compliance with internal policies and procedures
- Operational Management:
- Agree on service level agreements and key performance criteria to manage disruptions and reduce incidents to a minimum
- Attend innovation or project management meetings where the development of new products and solutions are discussed and highlight key information security matters
- Delegate or direct the security architecture design components of solutions
- Assurance & Monitoring:
- Ensure that sufficient coverage of information security controls is included in assurance plans
- Monitor critical controls and respond to control failures with appropriate mitigation plans
- Reporting:
- Provide reports to the executive committee and those charged with governance on key matters
Requisites
- University degree, preferably in information security or related field
- CISSP, CISA, and/or CISM certifications; and
- An ISO 27001 lead certification would be a distinct advantage
- Certification in prevalent Firewalls, DLP, and Vulnerability technologies, specifically CISCO
- 10 years experience in information security
- 5 years experience in information security at a senior management level
Notes
- Only shortlisted applicants will be contacted