Security Program Management

• Oversees and acts as a key stakeholder in managing the organisations’s information security program
• Delivers a “Centre of Excellence” for information security, offering internal consultancy, advice and pragmatic assistance on information security risk and control matters throughout the organisation
• Promotes the advantages of managing information security risks more efficiently and effectively.
• Manages employees (direct & indirect), infrastructure, policy enforcement, emergency planning,
• security awareness, and/or other resources.

Risk Management

• Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organisation’s information assurance and security requirements.
• Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.
• Maintains a regional risk register and reports to Risk & Compliance manager as defined.

Information Systems Security Operations

• Oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system and or programs.
• Provide subject matter expert (SME) advice on information security matters such as emerging security risks and relevant security controls.
• Consults with stakeholders (group/regional Legal, Compliance & Privacy Officers, Sales & Product Management) to guide, gather and support business requirements pertaining to information security.

Vulnerability Assessment and Management

• Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies.
• Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

Enterprise Network Defence Analysis

• Uses defensive measures and information collected from a variety of sources to identify, analyse, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats.

Systems Security Analysis

• Conducts and documents the systems integration, testing, operations, maintenance, and security of an information environment.
• Coordinates risk, threat and mitigation strategies across the enterprise.

Systems Requirements Planning

• Consults with stakeholders to guide, gather, and evaluate functional and security requirements.
• Translates these requirements into guidance to stakeholders about the applicability of information systems to meet business objectives.
• Provides strategic direction for the function, ranging from planning and budgeting to the value of information security & certification

Incident Response

• Responds to security breaches to mitigate immediate and potential threats.
• Uses mitigation, preparedness, response and recovery approaches to minimise business disruptions & commercial consequences.
• Initiates problem management processes to ensure compliance to policy and ITSM processes.
• Investigates and analyses relevant response activities and evaluates the effectiveness of and improvements
• to existing practices.

Digital forensics

• Collects, processes, preserves, analyses, and presents digital-related evidence to support network vulnerability mitigation and/or civil, workplace, counterintelligence, or law enforcement (e.g., criminal, fraud) investigations.

Cyber security investigations

• Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counter intelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation).