Job for Senior Manager Information Security in Cape Town 2024

Remuneration: Market related
Location: Cape Town
Reference: #CPT000097/SM

 
This company is a leading operations management and analytics company that helps businesses enhance growth and profitability in the face of relentless competition and continuous disruption.
The company serves the insurance, healthcare, banking and financial services, utilities, travel, transportation and logistics industries. Headquartered in New York, the company has approximately 25,000 professionals in locations worldwide.
The company’s offices are centrally located in the heart of Cape Town.

Minimum requirements:

  • Minimum graduation (science and engineering background only)
  • One or more of the following certifications: CISSP/CISA/CISM/ISMS Lead Auditor
  • Total Experience: Seven to nine years
  • Four to six years of experience in the field of security consulting and/or security audits for large corporate/BPO with multiple sites. Experience and knowledge of ISO27001, SOX, SAS70, information security audits, security policy and process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc.
  • Risk management experience in either:
      • Implementation of ISO27001 information security management systems (ISMS) and/or security control framework based on:
          • COBIT or GCC (general computer controls) for SOX404 compliance
          • SAS 70 audit requirements
  • Strong domain understanding of offshore technology sectors and/or business operations
  • Capable of managing project tasks individually and as a team
  • Ability to document and explain technical details in a concise and understandable manner
  • Excellent client relationship management skills
  • Excellent oral and written communication skills
  • Excellent presentation and public speaking skills

Primary responsibility:

  • Ensuring implementation of and compliance with EXL's information security policies (ISO27001), associated regulations and standards
  • Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings

Performance parameters:

  • Maturity of information security at EXL
  • Compliance with information security policies, standards and processes
  • Security incident management
  • Client relationship management (facilitate external audits, SOX/SAS 70 reviews, rating agency reviews and customer audits)

Role responsibilities:

  • Serve as internal information security consultant to the organisation. Responsible for security planning and effectively managing information security risks within the operating environment
  • Define information security policies, standards and processes for the organisation
  • Implement, manage and report on adherence to information security policies and standards
  • Conduct and review overall information security risk assessments and associated activities, including threat and vulnerability analysis and risk identification, and review/approve security plans
  • Identify and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes
  • Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
  • Understand the corporate incident management process and requirements and, in the event of an incident, work closely with corporate security teams
  • Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organisational information security policies and processes
  • Initiate, facilitate, and promote activities to create information security awareness within the organisation

Primary internal interactions:

  • Technology group
  • DRP/BCP teams
  • Corporate functions, viz. internal audit, HR, facilities, finance, legal, etc.

Primary external interactions:

  • Client/client auditors
  • Security product and service vendors

Take a career to the next level by replying to this ad with a copy of your updated CV and we will call you back to discuss this fantastic job opportunity. Alternatively, send your CV to jobs@blackpenrecruitment.com.