  • Posted: Mar 3, 2023
    Deadline: Not specified

    Momentum Metropolitan Holdings, formerly MMI Holdings, is a South African-based financial services group that was established on 1 Dec 2010 through the merger of Metropolitan and Momentum. We are specialists in long and short-term insurance, asset management, savings, investments, healthcare administration, health risk management, employee benefits and reward...

    Information Security Risk Manager

    Role Purpose    

    • The organization is looking for a highly motivated individual who is able to work at IT Management and Momentum Health Solutions leadership levels to ensure that Information Security risk within the Health business is well managed within the risk appetite of the Health business and that of the Momentum Metropolitan Group, and that the IT first line risk team executes on strategic and operational objectives for the Health IT Information Security.
    • The role will be positioned within a team of IT Risk and Governance practitioners who report into the Head of IT Governance, Risk and Compliance.  The team’s purpose is to ensure that industry best practice management controls and risk treatment plans are in place and executed and that required monitoring and reporting on IT risk posture to the Chief Information Officer and the Chief Risk Officer occurs. 
    • The candidate is accountable for the development and execution of the Health Information Security capability plan and will work with the Momentum Health Solutions IT Governance and Risk team to ensure that the Information Security strategy is clearly understood, governed, and in accordance with the governance capability within the Information Security Management System adopted against ISO27001:2013.
    • As the manager of Information Security for Health, the candidate is required to work with the IT Senior leadership team to bring clarity to the IT Capability strategy and associated Balanced Score Card. The candidate will hold the responsibility of ensuring that the Information Security Strategy and associated capability plan are aligned to and support the overarching business and IT strategies. In terms of operational execution, the candidate will carry the responsibility of working closely with control owners to ensure that identified Information Security risk is treated and that controls operate as designed.

    Requirements    
    Minimum Requirements:

    • A degree in Computer Science, or equivalent and relevant qualification at NQF level 8.
    • A minimum of 7 years' experience in risk management and control design, 3 years of which should be at management level.
    • A minimum of 5 years’ experience working in Information Security, 2 years of which should be in technical or operational capacity.
    • Must have managed or participated (at least as a team leader) in an initiative to implement an ISO standard.

    Desired Skills:

    • Information Security
    • Governance
    • Risk Management
    • Stakeholder Management
    • Analytical And Problem Solving
    • Communication (written and verbal)
    • Computer Literacy

    Desired Work Experience:

    • Health industry – administration of medical aids
    • Outsource or supplier of IT services – systems of record, infrastructure or development services
    • Client service industry – provision of IT services to call centers

    Duties & Responsibilities    
    Key Performance Areas:

    Information Security Risk Management:

    • Monitor, track, and direct reporting on the treatment of Information Security Risk.
    • Ensure that the IT Leadership team understands the ownership responsibilities and activities required to treat IS risk.
    • Consult with the office of the Chief Risk Officer as well as business unit heads and IT leadership on the appropriate treatment of Information and Cyber risk.
    • Ensure that the IS capability applies Momentum Metropolitan Health IT Risk Management Policy and that IT Risk management practices as defined by the Chief Risk Officer are adhered to.
    • Participate in the review and establishment of IT & IS Risk Management Policies and practices.
    • Responsible for the maintenance of a Risk and Controls Register for Information Security work.
    • Represent the single point of accountability and contact for IS Risk management issues and concerns for the Health Business Unit.
    • Engage at a Client Audit and Risk committee and Client Board level on matters of IS Risk as required by the Client Engagement team.
    • Participate in Information Security due diligence work associated with the adoption of SaaS, IaaS or during acquisition of new business partners or 3rd party suppliers.

    Information Security:

    • Support the Head of IT Governance and Risk with the establishment and maintenance of an Information Security Management System (ISMS) against the adopted ISO27001:2013 standard.
    • Be responsible for ensuring the Cyber Security controls as prescribed by Momentum Metropolitan Health (SANS CIS CSC) are applied and managed within the Health Business.
    • Be responsible for ensuring the Technology and Information related controls as guided by ISO27002:2022 are applied and managed within the Health Business.
    • Ensure that Risk Management practices are applied with Information security assessments as prescribed by the CIS Risk Assessment Method.
    • Lead and direct the Health Cyber Response team during cyber incidents.
    • Lead and direct the Health Security Operations team to ensure that risk treatment and risk operational activities are prioritized and executed in a sequence that introduces the least risk to the organization.

    Projects and Group Engagement:

    • Work with the Group Information Security team to ensure that Health participates and executes on group driven information security initiatives and projects.
    • Ensure that the IT component identified for delivery on strategic projects remains in line with the IT strategy.
    • Provide Senior Management and leadership with reporting on Information security risk as required by the ISMS.

    Competencies    

    • Proven ability to lead and facilitate workshops and engagement sessions.
    • Advanced knowledge and experience in CISSP, CIS CSC, CISM, CGEIT, CIS RAM, ISO 27000, and ISO 9001
    • Extensive experience in the development and implementation of capability plans related to Information Security and IT risk resolution (Treatment plans)
    • Stakeholder management – across all levels of an organisation
    • In-depth understanding of relevant legislation, policies, procedures, processes, practices related to information security, governance and risk management
    • Advanced knowledge and experience in planning, organising, and report writing
    • Exceptional organisational, analytical, interpersonal, and problem-solving skills
    • Outstanding communication skills (both verbal and written)
    • Excellent computer literacy and experience in the application of software tools including MS Word, PowerPoint, Excel, Internet and Outlook

    Closing Date    
    2023/03/10
