Under the direction of the Group IT Manager, the Information Security Officer has overall responsibility for IT security, driving the IT security strategy and implementation forward whilst protecting the business from security threats and cyber-hacking. Operational compliance with all policies, procedures and standards is the responsibility of the Information Security Officer. This role is group-wide and will commonly involve working with the hotel IT managers, systems administrator, consultants and auditors.
The incumbent will be responsible for the following key result areas:
Directly involved:
Formulating and implementing a strategy for the deployment of information security
Performing formal security audits and risk assessments with a view to minimize exposure
Monitoring security vulnerabilities and hacking threats in network and host systems
Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
Implementing an effective process for the reporting of security incidents and communicating with key stakeholders about IT security threats
Monitoring the daily operation and implementation of the IT security strategy
Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
Managing the IT security budget and communicating this with the appropriate parties
Implementation of Network & Server Security including firewalls and patch management
Continually review IT Security installations and incorporate improvements and innovations as a matter of routine.
Review and enforcement of the IT policies, procedures and standards
Develop and deliver training/guidance verbally, written or within training workshops as appropriate to IT Team and IT Systems Users
Assist with legacy application security enhancement
Assist with security on Serena’s e-commerce platforms
Indirect through Site IT teams:
Ensure ICT Policy, Procedure and Standards implementation plan is developed and actioned
Ensuring disaster recovery and business continuity plans are up-to-date
Overseeing the investigation of reported security breaches
Monitor Information System audit issues
Follow-up IT security tasks
Implementation of Network, Servers and workstation Security
Knowledge, Skills & Experience required:
A Bachelor’s degree in Computer Science or closely related discipline
CISM or CISSP Certification. Any other security certification will be an added advantage
Minimum of 3-5 years’ experience in a similar position is essential
Excellent verbal, written and interpersonal skills.
Proven leadership skills
Self-motivated and a good team player.
Must have in-depth knowledge of business processes as well as process controls and risks and how these relate to relevant IT audit procedures.
A proven record of dealing with complex projects and meeting conflicting demands
Knowledge of Network monitoring tools, Traffic analysis and intrusion detection systems
Knowledge of information security management best practices such as ISO 27000
Knowledge of threat and vulnerability analysis, risk assessment and business impact analysis
Experience of writing effective security policies and procedures
The remuneration package for the position will be commensurate with the candidate’s qualification and experience.