Information Security Compliance Manager Group Risk, Capital & Procurement
Job Advert Summary
This position reports to the Head of Information Governance, Risk & Compliance. The role is responsible for defining, implementing and measuring Information Security efforts across the Pick n Pay Group, with a primary focus on security compliance efforts aligned to PCI DSS and POPIA, and for leveraging the activities of the IT Security Operations and Architecture teams to provide Information Security risk management expertise to BU Risk Officers and IT Management.
Duties & Responsibilities
Drive the execution of the annual Information Security plan and roadmap in support of a sustainable and measurable Information Security effort. Regularly report on the status of the Information Security plan, benchmark comparisons, security weaknesses and security incidents. Develop a programme of work to provide regular assurance and reporting of compliance with all required security safeguards, with specific focus on the safeguards required by PCI DSS and data protection legislation, as well as identified audit findings and risks. Work closely with IT architects, SecOps and functional area specialists to ensure adequate security solutions are in place for current systems and platforms, so that identified risks are sufficiently mitigated and business objectives and regulatory requirements are met. Manage identified risks within the area of responsibility, including keeping the Information Risk Manager abreast of new threat actors and vulnerabilities that need to be tracked in the IS Risk Register. Create and maintain PnP security standards and baselines with input from Architecture, SecOps and third parties, arriving at agreed PnP-customised processes. Ensure adherence to, and enforcement of, Group Information Security Frameworks, Policies, Standards, Guidelines and key controls. Plan, track and escalate issues arising from the vulnerability management and penetration testing programmes. Lead and manage security incident response investigations and related events, and issue incident notification reports. Lead and support daily, weekly and monthly operational IT security support services such as SecOps and Managed Security Services. Maintain up-to-date knowledge of Information Security and related IT security best practices, including the evaluation of relevant emerging technologies, opportunities and threats. Actively promote the importance and value of good Information Security practices across the Group.
Liaise with and offer Information Security expertise to the business, the IT department and related functions (such as Group Risk, HR, Legal and Compliance). Act as the key liaison between the PCI DSS QSA and Management on matters relating to PCI DSS and P2PE attestations.
B Honours degree (BCom / BSc) or other Information Technology related degree required.
Relevant professional certification(s), e.g. CISSP / ISO27001(2) Lead Implementer.
Other relevant certifications an advantage: CEH / CRISC / CCTP / QSA, etc.
Proven experience in Information and IT Security Assessments, Security Architecture and overall Security Advisory.
Understanding of relevant frameworks, guidelines and standards (ISO27001/2, PCI-DSS, OWASP, etc.).
Understanding of relevant regulatory requirements and standards such as PCI, POPIA, KING, EMV, etc.
Minimum of 7 years' work experience, with at least 2 years' management experience.
Highly motivated, results-orientated and self-directed individual.
A good balance of both business and technical knowledge.
Ability to work both independently and as part of a team (interpersonal and collaborative skills) to deliver quality work product in a timely fashion in a fast-paced environment.
Ability to cope in a high-pressure environment and to respond to urgent matters outside of working hours.
Ability to maintain strict confidentiality.
Strong sense of accountability and operational excellence.
Well organised, with strong attention to detail and accuracy.
Excellent planning and time management skills.
People orientation.
Team player.
A competency-based interview will be used to assess the above requirements.