Job Description
What you will be responsible for:
- Establish, build and maintain strong relationships with business unit management
- Formulate and maintain data/ information security governance frameworks, policies, processes and practices aligned with applicable data protection and data privacy regulations, contractual obligations, the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001/ ISO 27002 leading practices
- Communicate data/ information security governance priorities across the organization and plan, coordinate, monitor, report and advise on the status of key priorities
- Coordinate, implement and maintain tools, processes and practices to support the effective implementation, operation and continual improvement of the Information Security Management System across the organization
- Embed data protection and data privacy regulatory requirements, contractual obligations, PCI DSS requirements and ISO 27001/ ISO 27002 leading practices across the organization
- Establish, implement and maintain effective tools, processes and practices to support Incident and Problem management
- Establish, implement and maintain effective tools, processes and practices to enhance data/ information security awareness across the organization
- Maintain up-to-date knowledge of relevant government and state regulation as well as the nature and type of business operations to enable effective assessment of data/ information security risks
- Maintain up-to-date business data/ information risk registers (legal/ regulatory requirements, systems/ information ownership, user access matrices, awareness training, suppliers/ third parties, supplier security assessments, PCI DSS compliance, risks/ corrective actions, security exceptions, etc.)
- Formulate and maintain up-to-date information stores, user guides and advisories to assist business managers/ information owners effectively manage data/ information security risks
- Coordinate, facilitate and/ or conduct information security and PCI DSS awareness and training
- Coordinate necessary business legal and regulatory compliance assessments in relation to data/ information governance and security
Requirements:
- Five years’ experience covering business analysis, information security and project management
- Experience in assessing and managing business process, supplier, system, IT and project risks
- Experience in ISO 27001/ ISO 27002 and other information security risk management frameworks
- Experience in facilitating workshops and focussed business meetings to reach consensus
- Good understanding of data protection and privacy regulations
- Good understanding of PCI DSS requirements, payment touch-points and related business processes
- Degree qualified or significant experience in Information Security, Business Analysis or Project Management
- Significant experience in managing/ coordinating business-focussed data/ information security governance projects
- Experience in conducting data/ information security governance workshops and user awareness sessions
- One or more IT/ information security certifications will be considered an added advantage (CISSP, CISM, CISA, ISO 27001 Lead Auditor/ Lead Implementer)