Key Responsibilities

• Work closely with the senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery;
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Provide risk-based direction in conjunction with IT Services for future system enhancements in line with the overall firm’s & clients strategy;
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
• Provide subject matter expertise to support business relationship management functions.
• Act as Data Protection Officer ensuring systems and the information within them comply with current and future (as much is known) requirements.
• Ensure Privasia has an effective Data Classification process in place
• Ensure Privasia as an effective data retention and archiving process in place
• Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meets agreed standards within Privasia.

Technology Risk Assurance

• Have responsibility for scoping penetration testing activities to identify security weaknesses within Privasia's technology environments;
• Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level;
• Analysis of information protection technologies and processes to identify technology security weaknesses;
• Develop risk assessments of data processing systems to confirm the design of logical controls are effective and meet regulatory and legal requirements; and
• Provide quality reports to summarise test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences.
• Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken and input suggested approaches to deal with lessons identified;
• Assist in the enhancement of delivery and management of key technology security platforms including SIEM, PAM, TVM and DLP;
• Provide continuous improvement to the Technology Security function;
• Collaborate with IT Services to develop and maintain secure technology solutions; and
• Actively contribute to the overall Privasia risk management framework reporting to the Head of Risk & Compliance ensuring consistency in the advice we provide to the business

Skills

• Preferred candidates with industry qualifications - CISSP / CISA / CRISC / SABSA
• ISACA Certified Information Manager;
• Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies;
• Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security);
• Strong technical abilities, combined with business acumen;
• Ability to present security topics to a non-technical audience and presenting the business value of security;
• A good understanding of IT networking and access management concepts;
• Ability to understand and assess technology systems and applications from both a technical and business function perspective;
• Ability to communicate business and technical risk to all levels of audience;
• Excellent interpersonal skills with the ability to build and influence teams; and self-motivated

• SIEM
• Symantec DLP
• Rh PAM/ BPMS