24 Security Infrastructure Management jobs in Johannesburg

Are you a highly motivated security specialist with hands-on Fortinet experience looking for your next big challenge?

Our client is building a dynamic, energetic team and needs YOU to help secure cutting-edge networks!

1. Configure & manage top security tech (Fortinet-focused) - Project Management experience is a must!
2. Respond to security alerts & analyze reports
3. Keep systems updated & patched

1. 3-5+ years in network security engineering
2. 2+ years hands-on experience with Fortinet products (mandatory)
3. Relevant IT security qualifications (Fortinet certs preferred)
4. Strong communication, problem-solving & attention to detail

Salary: Negotiable based on experience

Only applicants with the required experience will be considered. Ready to level up your career?

Network and Security Engineer JOHANNESBURG NORTH

JHB North, Johannesburg – Gauteng

Network and Security Engineer

Paterson Grade : D-Upper

12 Month Contract Position

Key performance areas :

Overall cybersecurity compliance, management, and training throughout the organization.

Ensures that data integrity, and that information is kept accurate and consistent unless authorized access.

Managing and monitoring all installed systems and infrastructure.

Organization-wide cybersecurity and related document, process, and record management to ensure that systems and products are safe / secure and effective.

Installing, configuring, testing, and maintaining operating systems, application software and system management tools.

Ensuring the highest levels of systems and infrastructure availability.

Proposes design enhancements, capacity changes, contingency and recovery.

Arrangements as required to ensure that service targets are met within the organisation’s planned budget.

Ensures the investigation and diagnosis of operational incidents.

Resolve such incidents, including any capacity and availability management issues to maintain overall performance.

Acts as the technical lead on projects relating to security, data, and voice network management.

Provides advice and guidance on the design and development of new and changed systems to optimize operational efficiency.

Ensures that appropriate software and specialist monitoring tools are used to maintain awareness and control of hardware and software.

Monitors exceptional incidents and conducts or initiates investigations on system performance.

Proposes and implements consequent improvements working towards industry top benchmark targets.

Coach and monitor junior engineers, setting standards of performance and objectives (both collective and individual) in line with service objectives, provides direction and support to all team members ensuring that the highest professional standards are observed.

Monitor and test application and network performance for potential bottlenecks, identify possible solutions, and work with developers to implement those fixes.

Competencies, Knowledge, and Skills :

Knowledge of NIST and other security related frameworks.

Documentation (both process documentation and records management).

Broad knowledge of hardware, networking cyber security, vulnerability management and cloud migration.

In-depth understanding of infrastructure and network architecture and design.

Working knowledge on end points security solutions (firewalls, anti-virus, and network vulnerability assessments

Access control systems

Incidents detection and management.

Excellent analytical and problem-solving skills.

Strong Troubleshooting / problem-solving ability.

Understanding of virtual environments and containers.

Extensive understanding of Networks switching and routing as well as Voice technologies SIP and SBS’s.

Extensive understanding of firewalls, IPS, ACLS, DLP and vulnerability assessment.

Understanding of Enterprise Linus and Windows servers and services.

Experience with monitoring systems.

Experience with automation software.

Minimum Requirements :

Relevant Degree / National Diploma in Information Technology / Computer Science / Information Systems or equivalent

3-4 year’s experience in ICT security : (ie : 4 Years senior systems engineer experience / 3 years as a team lead / 2 Years’ senior security engineer experience / 2 Years’ senior data engineer experience / 2 Years’ senior voice engineer experience)

Certificate or equivalent in Information / IT Security such as CISSP, SISM, CCSP. ITIL would serve as an added advantage.

Closing Date : 6 March 2024

Should you not hear from us within 14 days of the closing date, please consider your application unsuccessful.

Network Engineer • JHB North, Johannesburg - Gauteng

1 month ago Be among the first 25 applicants

Location: Harare or Johannesburg South Africa - On site at one of these locations

Hours: Full Time

Reports to : Chief Technology Officer - Africa Clinical Research Network

Our Mission:

The African Clinical Research Network (ACRN) is an African-led and African-driven clinical research organisation. Our work not only promotes and supports a vibrant life sciences ecosystem but also profoundly impacts Africa's health and economic development. By facilitating sustainable, innovative, collaborative, and community-oriented research, ACRN is poised to transform healthcare and improve lives across Africa, inspiring a new era of clinical research.

We provide high-quality data, harmonise regulatory processes to improve timelines, support capacity building within the existing ethics and regulatory systems, and enhance community trust and research participation. These are some of the first key steps to making Africa more competitive in the global life sciences industry, a goal we are proud to contribute to.

The ACRN drives clinical research excellence by connecting researchers to opportunities, enhancing research capacity in existing facilities, implementing high-quality trials and research, and leveraging a robust digital infrastructure.

We are committed to fostering the community's understanding of research. Through our community engagement network, we significantly increase stakeholder buy-in of clinical results, thereby enhancing the transparency and credibility of our research.

Job Summary:

We are seeking a Network and Security Engineer with expertise in healthcare IT security, HL7 data exchange, and compliance with healthcare regulations. This role is responsible for designing, implementing, and securing network infrastructure in a healthcare environment, ensuring the confidentiality, integrity, and availability of Health Information Systems (HIS) while supporting interoperability standards such as HL7, FHIR, and DICOM.

The ideal candidate will have strong experience in network security, healthcare data standards, and regulatory compliance (HIPAA, HITECH, POPIA, GDPR) and will play a key role in securing electronic health records (EHRs) and clinical data exchanges both on premise and across multiple clouds.

Key Responsibilities:

Healthcare Network & Infrastructure Security

Design, implement, and maintain secure network architectures for healthcare IT environments, including hospitals, clinics, IoT and telemedicine platforms.

Manage and secure HL7 interfaces, FHIR APIs, and data interoperability between healthcare systems (EHRs, PACS, LIS, HIS, RIS, etc.).

Configure, maintain, and optimize firewalls, VPNs, IDS/IPS, NAC, Cloud Security and secure VLAN segmentation to ensure network security.

Design and manage the organization SD-Wan and its policies

Implement a ZERO Trust environment

Establish secure data channels allowing for health data sharing and interoperability

Creating secure trusts between ACRN and its partner sites.

Troubleshoot network connectivity and integration issues related to HL7 data exchange and interoperability.

Data Security & Compliance

Implement encryption, access control, and data loss prevention (DLP) strategies to protect HIS/EHR and sensitive patient records.

Ensure compliance with healthcare data protection regulations (HIPAA, HITECH, POPIA, GDPR, GCP, GLP, ISO 27001).

Conduct risk assessments, vulnerability scans, and penetration testing to identify security gaps and implement remediation strategies.

Develop and enforce security policies and procedures for healthcare IT infrastructure.

Threat Management & Incident Response

Monitor SIEM (Security Information & Event Management) solutions for suspicious activity and potential security incidents.

Respond to cyber threats, malware, ransomware, and phishing attacks, and implement mitigation strategies.

Lead incident response and forensic investigations for security breaches affecting healthcare data.

Develop disaster recovery (DR) and business continuity (BC) plans to ensure minimal downtime in case of security incidents.

Manage Microsoft 365 environment security for all tools in the stack including Intune policies MDM, and Active directory online.

Interoperability & Health Data Exchange Security

Secure healthcare messaging protocols (HL7 v2.x, HL7 v3, FHIR, DICOM, X12, CDA, IHE).

Collaborate with EHR vendors, medical device manufacturers, and health information exchanges (HIEs) to ensure secure data exchange.

Monitor API security for FHIR-based applications and healthcare integrations.

Collaboration & Continuous Improvement

Work closely with healthcare IT teams, compliance officers, and clinicians to ensure secure and efficient IT operations.

Stay updated on emerging threats in healthcare cybersecurity, including medical device security, IoT threats, and cloud-based risks.

Provide security awareness training for healthcare staff to prevent insider threats and human error-based breaches.

Qualifications & Experience:

Bachelor's degree in Computer Science, Cybersecurity, Healthcare Informatics, or a related field.

5+ years of experience in network security and IT infrastructure, preferably in a healthcare environment.

Strong knowledge of healthcare standards and data security (HL7, FHIR, DICOM, HIPAA, HITECH, ISO 27001, POPIA).

Hands-on experience with firewalls, VPNs, IDS/IPS, SIEM, and endpoint security solutions.

Proficiency in Cisco, Palo Alto, Fortinet, Juniper networking and security devices.

Experience securing EHRs, health information exchanges (HIEs), and cloud-based health platforms (AWS, Azure, Google Cloud for Healthcare).

Strong understanding of medical device security, IoT security, and cloud security best practices.

Knowledge of scripting and automation (Python, PowerShell, Bash) is an advantage.

Certifications (Preferred):

CCNA Security / CCNP Security

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

HealthCare Information Security and Privacy Practitioner (HCISPP)

CompTIA Security+

Certified HL7 Specialist (optional, but a plus)

Key Competencies:

Strong problem-solving and analytical skills in network security and healthcare IT environments.

Excellent communication skills to work effectively with technical and non-technical stakeholders.

Ability to work under pressure in fast-paced healthcare environments with high data sensitivity.

Work Environment:

This position can be based in Zimbabwe or South Africa, with occasional travel to other office locations as necessary. The role may require flexible working hours to support remote teams and ensure systems are running smoothly across time zones.

Please apply online providing a covering letter specifically highlighting how your existing skills and experiences support fulfilling the responsibilities of this role.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Other
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Ellison Institute of Technology Oxford by 2x

Get notified about new Network Security Engineer jobs in Johannesburg, Gauteng, South Africa .

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg, Gauteng, South Africa 9 months ago

Johannesburg, Gauteng, South Africa 2 days ago

Johannesburg Metropolitan Area 6 days ago

Johannesburg, Gauteng, South Africa 1 week ago

Midrand, Gauteng, South Africa 1 month ago

Midrand, Gauteng, South Africa 1 month ago

Johannesburg, Gauteng, South Africa 1 month ago

Johannesburg Metropolitan Area 3 hours ago

Johannesburg Metropolitan Area 5 days ago

Randburg, Gauteng, South Africa 6 days ago

Johannesburg Metropolitan Area 1 week ago

Johannesburg, Gauteng, South Africa 3 months ago

Midrand, Gauteng, South Africa 1 month ago

Johannesburg, Gauteng, South Africa 3 months ago

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg, Gauteng, South Africa 1 month ago

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg, Gauteng, South Africa 3 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Experian Johannesburg, Gauteng, South Africa

Experian Johannesburg, Gauteng, South Africa

Get AI-powered advice on this job and more exclusive features.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Principal Responsibilities

• Collaborate with technical and business teams to address security flaws and implement remediation plans.

• Oversee application security tasks, ensuring alignment with audit requirements and internal policies.

• Support change and incident management processes, with a focus on high-priority incidents (P1 & P2).

• Provide guidance to development and support teams on security-related ticket requirements and process expectations, ensuring SLA compliance.

• Act as a liaison with internal stakeholders to ensure clear communication and quality engagements.

• Support governance and administrative functions, including audit preparation and policy development.

• Compile and deliver regular reports, including weekly, monthly, and OSM-specific security metrics.

Required Key Skills (Functional/Technical)

Application Security & Vulnerability Management

• Familiarity with Common Vulnerability Scoring System (CVSS)

• Experience with tools like OWASP ZAP, Veracode, Rapid7 (on-prem), and Wiz.IO (cloud vulnerability management and CSPM)

• Track and assist in the closure of identified vulnerabilities, working closely with IT and Development teams

• Review and maintain secure configurations for systems, applications, and network devices

Security Fundamentals

• Working knowledge of encryption, authentication, and secure data transmission

• Knowledge of network security principles and firewall configurations

• Familiarity with SSO and MFA using OKTA, and directory services such as MS Active Directory

• Experience with CyberArk PAM for privileged access management

Security Information and Event Management (SIEM)

• Use of Splunk SIEM for real-time threat detection and log analysis

• Review and optimise SIEM use cases to enhance threat detection and response capabilities

Monitoring & Endpoint Security

• Experience with Tanium and MS Defender for server and endpoint security management

• Familiarity with IBM Guardium for database activity monitoring

• Exposure to Cyera for data identification and classification

Cloud & Infrastructure Security

• Experience with Wiz.IO for cloud security posture management (CSPM) and IaC scanning

• Understanding of secrets management using AWS Secrets Manager, Azure Key Vault, or GCP Secrets Manager

• Familiarity with Thales and AWS KMS/HSM for key management

Other Tools & Platforms

• Knowledge of SailPoint for identity governance

• Experience with CyCognito for external attack surface management

• Familiarity with Imperva for WAF, DDoS, and botnet protection

• Exposure to ProofPoint and MS Office365 Message Security for email security

• Use of 1Password for credential management

• Awareness of Netwrix for password policy enforcement

• Degree or equivalent qualifications and experience in Computer Science, Information Technology, Data or a related field Technical & Security Experience
• Experience with automated and manual methods for evaluating security controls in both on-prem and cloud environments
• Experience in monitoring and reporting on security flaws and supporting related remediation activities
• Familiarity with change management processes in technology environments Risk, Controls & Compliance
• Contribute to accurate statistical reporting on the market’s IT security posture
• Ensure first line of defence (1LoD) ownership of non-compliance issues, exception justifications, mitigation controls, and risk documentation
• Ensure accuracy and timely completion of control testing and remediations
• Collaborate with Security Partners, RISOs and other governance functions to drive remediation of identified security deficiencies
• Ability to compile management reports and presentations on technical risks, controls, and deficiencies Communication & Collaboration
• Strong ability to communicate complex information clearly and effectively
• Good collaboration, relationship-building, and interpersonal skills
• Act as primary liaison with internal, local and regional stakeholders, ensuring quality engagements and clear progress updates
  
  

Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering. the list goes on. Experian's people first approach is award-winning; World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology

Referrals increase your chances of interviewing at Experian by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Information Security Management System (ISMS) Specialist role at Vector Logistics

Join to apply for the Information Security Management System (ISMS) Specialist role at Vector Logistics

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose

Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development And Implementation

• Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Assess existing information security practices and recommend improvements.
• Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
  
  

• Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000.
• Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
• Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
  
  

• Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
• Prepare the organization for certification audits and support the audit process.
• Coordinate with auditors and certification bodies.
• Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
  
  

• Provide training to staff and management on information security best practices, policies, and compliance requirements.
• Promote a culture of information security awareness across the organization.
• Support the creation of an internal security awareness program.
  
  

• Assist in the development and testing of incident response plans.
• Provide guidance and support in handling information security incidents.
• Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions.
  
  

• Define and monitor ISMS-related KPIs and metrics.
• Monitor and report on the performance of the ISMS, identifying areas for improvement.
• Monitor compliance with security policies and procedures.
• Lead regular internal audits to assess the effectiveness of the ISMS.
• Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
• Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.
  
  

• Assess and monitor third-party vendors and service providers for information security compliance.
• Assist in the integration of ISMS controls into third-party contracts and SLAs.
  
  

• This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
• These interactions are essential for ensuring the organization’s security posture is robust and aligned with its strategic objectives.
  
  

• Bachelor’s Degree: A bachelor’s degree in information security, Computer Science, Information Technology, or a related field is required.
• Mandatory Requirement: ISO27001 Lead Implementer Preferrable: ISO27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
• The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS statement of applicability.
• The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls. Familiarity with IT governance frameworks (e.g., COBIT, ITIL)., and have extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
• Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, DR.Include experience in vulnerability management, patching, JML.
• Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
• Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
• Experience in working with ISO27001 certification bodies.
• Development of audit and ISMS remediation plans.
• Familiarity with data protection laws and industry regulations.
• Relevant professional certifications such as CISM, CRISC, or CISA, which validate their expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender, is essential for managing the organization’s security posture effectively.
  
  

• Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
• Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
• People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
• Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
• Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
• Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
• Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
• Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
• Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Transportation, Logistics, Supply Chain and Storage

Referrals increase your chances of interviewing at Vector Logistics by 2x

Johannesburg, Gauteng, South Africa 2 days ago

Johannesburg, Gauteng, South Africa 1 week ago

Johannesburg Metropolitan Area 3 days ago

Johannesburg, Gauteng, South Africa 1 month ago

Randburg, Gauteng, South Africa 4 days ago

Johannesburg, Gauteng, South Africa 1 week ago

Randburg, Gauteng, South Africa 5 days ago

Pretoria, Gauteng, South Africa 2 weeks ago

Johannesburg Metropolitan Area 3 days ago

Centurion, Gauteng, South Africa 4 days ago

Johannesburg, Gauteng, South Africa 1 day ago

Johannesburg, Gauteng, South Africa 6 days ago

Johannesburg, Gauteng, South Africa 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Information Security Management System (ISMS) Specialist

Permanent

Midrand

Overview

We are a Supply Chain and Sales & Merchandising partner adding value to your business through a fully integrated, temperature-controlled network in Southern Africa.

But we are also more than that. We are people serving people. While we boast the best in tech and infrastructure, our people are our greatest resource. With our skilled, curious, can-do people at the forefront, our assets become your assets, our service your solutions.

Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles enabling the company to service business across frozen, chilled and ambient temperature zones on a single delivery.

Job Purpose
Information Security Management System (ISMS) Specialist isresponsible for the end-to-end implementation, maintenance, and continuousimprovement of the Information Security Management System (ISMS) in accordancewith ISO/IEC 27001 standards. The incumbent will play a pivotal role inensuring the confidentiality, integrity, and availability of our informationassets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities

ISMS Development and Implementation:

• Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA etc.).
• Develop, implement, and maintain information security policies, procedures, and guidelines.
• Assess existing information security practices and recommend improvements.

• Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.

Risk Assessment and Management:

• Perform risk assessments to identify potential security risks to the organization's information assets in alignment to ISO 31000.
• Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
• Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.

Compliance and Audits:

• Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
• Prepare the organization for certification audits and support the audit process.
• Coordinate with auditors and certification bodies.
• Maintain records and documentation to ensure traceability and compliance with ISMS requirements.

Training and Awareness:

• Provide training to staff and management on information security best practices, policies, and compliance requirements.
• Promote a culture of information security awareness across the organization.
• Support the creation of an internal security awareness program.

Incident Response and Management:

• Assist in the development and testing of incident response plans.
• Provide guidance and support in handling information security incidents.
• Ensure incidents are documented and reported in accordance with regulatory and contractual obligations & assist in post-incident analysis to determine the cause and recommend preventive actions.

Continuous Improvement:

• Define and monitor ISMS-related KPIs and metrics.
• Monitor and report on the performance of the ISMS, identifying areas for improvement.
• Monitor compliance with security policies and procedures.
• Lead regular internal audits to assess the effectiveness of the ISMS.
• Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
• Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.

Vendor and Third-Party Risk Management:

• Assess and monitor third-party vendors and service providers for information security compliance.
• Assist in the integration of ISMS controls intothird-party contracts and SLAs.

Key Relationships

Key Relationship 1

• This role plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
• These interactions are essential for ensuringthe organization’s security posture is robust and aligned with its strategicobjectives.