To safeguard technology infrastructure and any privileged or proprietary information that the business possesses; to provide guidance and management for all information security needs
Knowledge
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
- A strong understanding of the business impact of security tools, technologies and policies
- Familiarity with applicable legal and regulatory requirements
- Familiarity with the principles of cryptography and cryptanalysis
- An understanding of operating system internals and network protocols
Experience
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
- Experience in leading communications with senior stakeholders
- Previous management experience and strong leadership abilities, including the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls
- Experience in application technology security testing (white box, black box and code review)
- Experience in system technology security testing (vulnerability scanning and penetration testing)