The purpose of this role is to support the Technology & Information System Division on all security-related functions. The role is responsible for monitoring and upkeep of MDEC on matters pertaining to security operations, risk, policy and governance, and for ensuring MDEC's computers, networks and data are protected against threats such as security breaches, computer viruses or attacks by cyber-criminals. It implements the security policies, regulations, rules and norms and makes sure that MDEC is safe for employers and visitors.
DUTIES AND RESPONSIBILITIES
1. IT Infrastructure and Information Security
- Establish an information security management and protection framework for an effective enterprise-wide Information Security Program; serve as a consultant to business-area leaders.
- Identify, evaluate, and assist with the implementation of an information governance solution to provide systemic monitoring of the Information Security Program.
- Manage day-to-day activities, including policies, procedures, training and communication regarding the Security Program.
- In conjunction with Group Legal and Group Compliance, identify information management and protection laws and regulations and implement actions to ensure compliance.
- Develop, implement and maintain the policies, systems and procedures for the management of recorded information throughout its life cycle.
- Provide security assurance that the network, system and application infrastructures are properly implemented and managed as per industry standards and best practices from the Technology Risk Management perspective.
- Manage the current and future endpoint protection solution of MDEC to ensure protection from malware, viruses and other dynamic endpoint security threats at user workstations and mobile devices, as per MDEC's End User Security Policy.
2. Incident Management
- Lead the in-house incident management process to monitor, track, record and respond effectively to security threats and incidents.
- Develop a multi-tier incident response and escalation structure for incident notification and reporting, onsite incident investigation and workaround deployment.
- Manage the onsite consultants assisting in root cause analysis, forensic or post-mortem analysis of any severe incident.
- Facilitate the coordination and tracking of incident status and the escalation workflow.
3. Threat Intelligence and Vulnerability Management
- Manage the continuous development of security threat detection rules and policies for the Enterprise 360 Security Monitoring.
- Provide security trend analysis and advisory for targeted and non-targeted threats.
- Conduct a periodic gap analysis and documentation compliance review of MDEC's current IT Security Policy against the standard.
- Annually update or revamp IT policies and procedures, and develop any new policies and procedures needed to meet the ISO/IEC 27001:2013 requirements.
- Lead the implementation of security controls and ensure that the controls are implemented within the stipulated timeframe.
- Maintain the Master Risk Register: update the risk register and risk treatment plan upon each successful control implementation, and review/update the Master Risk Register at least two (2) times a year.
- Conduct the policy compliance review and update of security policies and procedures at least two (2) times a year.
5. IT Governance
- Support the Head: Information Security and Governance with all governance and control-related functions.
- Ensure that the respective functional heads have the correct IT Security policies, procedures, standards and practices in place, in conformance with the MDEC IT Governance Framework and mandatory legislation and regulations.
- Define IT RACI charts setting out the acceptance of responsibilities in respect of the supply of and demand for IT.
- Manage day-to-day activities related to developing and advising on the IT Functional Areas' documentation, such as policies, standards, procedures and training.
- Perform regular IT Security Assessments for the respective IT Functional Areas.
- Develop a training plan aligned to the IT Security Program for all IT Functional Areas, based on the defined current Skills Matrix.
6. IT Security Documentation
- Manage IT Security policies, standards, processes and procedures, including their development, enhancement and maintenance across the documentation management lifecycle.
- Exhibit broad knowledge of security and risk frameworks and apply it in reviewing the quality of existing and new documentation.
- Recognize and identify potential areas where existing policies, standards and procedures require change.
- Support additional internal and external compliance activity as part of the Information Security team.
- Work directly with technical and business leadership across the organization to select, deploy and validate security controls, ensuring security and compliance requirements are maintained.
- Subscribe to information security blogs and sector subscriptions to identify new risks and trends that may need to be addressed in information security policies, procedures and standards.
7. Implement IT Security Risk and Compliance Policy, Standards and Procedures:
- Identify, evaluate, and assist with the implementation of an Information Security archival solution to provide systemic monitoring of the Information Security Program; serve as a consultant to business-area leaders.
8. Departmental Compliance Officer:
- Ensure security programs follow relevant laws, regulations and policies to minimize or eliminate risk and audit findings, according to the requirements defined by Group Compliance.
- Ensure that IT staff understand their role in compliance.
- Track and monitor IT Security & Compliance initiatives.
9. IT Audit Management
- Conduct internal assessments of IT Policies, Standards and Process compliance against the IT Audit standard.
- Manage relationships and interactions with internal and external auditors and risk management bodies; review and report on open issues both prior to and after issuance.
- Discuss the IT Audit Plan.
- Collaborate with Group IT to define audit scope.
- Facilitate all requests for information from Group IT for audits.
- Follow up and provide feedback on all IT Audit findings in collaboration with IT Management.
- Lead and manage the self-assessment process as part of the overall IT Governance Framework.
- Perform other related duties as required.
- A Bachelor's Degree in a related area such as Computer Science or Information Technology.
- Risk-related industry-standard qualifications such as CISSP, ISMS Certified or CGEIT are strongly recommended.
- Experience with compliance frameworks for Information Security, Compliance & IT Governance standards: ISO 27001, PCI-DSS, COBIT, King III.
Fixed Allowance for managerial level (petrol & car allowances)
Flex-time, Flex-place, Flex-benefit
Casual dress code
Dental & Optical