Team Lead: Cybersecurity GRC at Engen

Purpose of the Job

• To provide leadership on Cybersecurity Governance, Risk and Compliance through implementing, maintaining, and supporting the adopted IT/OT Cybersecurity Governance and Risk Management Framework, methodologies, and tools, including the Information Security Management System (ISMS) and by performing Cybersecurity business impact assessments for new and existing digital solutions, departmental information systems, and vendor risk assessments in order to reduce cybersecurity threats and risk within the organisations risk thresholds.

Who You Are:

• You have minimum of 8 years’ experience across Information Technology, Cybersecurity, IT Governance and Risk or IT Audit Management
• You stay on top of the emerging threats, trends and technologies and keep an eye out for any threats and risks that might impact business objectives
• You have worked with and understand IT security governance, risk and compliance requirements and have led and implemented security programs using Security Governance, Controls and Risk Frameworks, standards and methodologies
• You have had experience managing business relationships, internal employees and service contractors
• You have had experience in managing specialists

What you’ll have done before:
Baseline:

•     NQF Level 7 (Degree in IT or related equivalent qualification)
•     8 years’ experience across Information Technology, Cybersecurity, IT Governance and Risk management or IT audit management with at least 2 years in a senior role i.e. Team Lead, Principal IT Governance Specialist, IT Audit Manager
•     Experience in leading, developing and maintaining a comprehensive company-wide cybersecurity governance and/or risk management framework
• Experience managing, planning, implementing and monitoring a company-wide cybersecurity awareness and training program

Advantageous:

•     Post graduate qualification in a related field
•     ITIL and/or CobIT Foundation Certification
•     Lean 6 Sigma Certification
•     Certifications in CISM/ CISSP/ CRISC/ CISA
•     Experience working in a complex integrated technology environment with understanding of Oil & Gas/ Retail industry  
   

Exciting Challenges you might face in the role

•     Working in a complex and hybrid environment and integrating new technologies i.e. On premise and cloud services
•     Manage and mentor the Risk practitioners, Security Specialists and IT Service Continuity Specialists

What you’ll be doing:
CYBERSECURITY GOVERNANCE, COMPLIANCE & ASSURANCE: 

•     Align cybersecurity governance with business objectives, strategy, and architecture
•     Drive cybersecurity programs and create awareness of the objectives and stakeholder impacts 
•     Develop and maintain key cybersecurity artefacts including policies, frameworks, guidelines, and standards, including performance metrics 
•     Deliver executive reporting and insights within required timeframes
•     Collaborate with internal audit to develop, manage, and implement the combined assurance plans 

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

•     Align Engen’s ISMS with international best practice and/or industry standards

CYBERSECURITY RISK MANAGEMENT 

•     Lead, develop and maintain a comprehensive company-wide cybersecurity risk management framework and capability that effectively assesses risks, and maintains cybersecurity risk within the corporate risk appetite
•     Drive adoption of the cybersecurity risk framework throughout the organisation through training and facilitation sessions 
•     Report on cybersecurity risks to diverse audiences and stakeholders
•     Assess cybersecurity related vendor risks using the cyber risk methodology 

BUSINESS CONTINUITY AND IT SERVICE CONTINUITY MANAGEMENT

•     Use the Business Continuity Management (BCM) and IT Service Continuity Management (ITSCM) capability to develop a resilient business operations capability in a world of increasing risk

AWARENESS AND TRAINING

•     Manage, plan, implement and monitor the Engen-wide cybersecurity awareness and training program