IT Project Manager

The IT Project Manager’s duties will include, but are not limited to:

• Managing all projects related to IT and ISO 27001
• Maintaining the internal IT infrastructure.
• Conducting SOX audits
• Implementing security controls, risk assessment frameworks, and programs which align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances the organisation and its’ clients’ objectives
• Evaluating risks and developing security standards, procedures, and controls to manage risks
• Ensuring process improvement, policy, automation, and the continuous evolution of capabilities.
• Implementing processes within the organisation, as well as for its clients, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing
• Developing reporting metrics, dashboards, and evidence artifacts
• Defining and documenting business process responsibilities and ownership of the controls in the GRC tool
• Scheduling regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports for the organisation, as well as its clients
• Updating security controls and providing support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data
• Performing and investigating internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks
• Documenting and reporting control failures and gaps to stakeholders
• Providing remediation guidance and preparing management reports to track remediation activities
• Assisting clients and other staff in the management and oversight of security program functions
• Training, guiding, and acting as a resource on security assessment functions to clients
• Remaining current on best practices and technological advancements and acting as the organisation’s technical resource for security assessment and regulatory compliance

Key knowledge areas:

• Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
• Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
• Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
• Information systems auditing, monitoring, controlling, and assessment process;
• Incident response management;
• Risk assessment and management methodology

Key skills requirements:

• Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
• Researching and locating information related to internal and external organisations using online and other sources;
• Security project management and planning;
• Maintaining confidentiality;
• Troubleshooting and operating a computer and various software packages;
• Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions;
• Using judgement and ingenuity in maintaining objectives and technical standards.

The ideal candidate should have the ability to:

• Effectively communicate technical issues to diverse audiences, both in writing and verbally;
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes;
• Evaluate and update and/or revise program materials;
• Learn quickly and apply knowledge to new situations;
• Handle sensitive and confidential matters, situations, and data;
• Understand and follow broad and complex instructions;
• Interact positively with all relevant parties in order to enhance effectiveness and to promote quality service;
• Comprehend technical language and to confer, analyse and write in an objective, clear manner;
• Work independently and prioritise multiple tasks and adapt to needed changes;
• Remain calm under pressure

Minimum Experience and Qualifications Required:

• Tertiary qualification in Computer Science, Computer Engineering, Network Engineering, Cyber Security or any other related field
• Certificates in cyber security, governance or any other related fields
• Minimum 3 (three) years’ proven work experience in a similar role
• ISACA Certification (CISA/ CRISC/ CISM/ CGEIT/ CSX-P/ CDPSE) will be an added advantage
• Sharepoint development experience will be an added advantage
• Experience with ISO 27001:2013 will be an added advantage
• Valid driver’s licence