Function Specialist: Info & Cyber Mngt





Operating Division:Transnet Rail Infrastructure Manager (TRIM)


Employee Group:Permanent


Department:SP-ICT-Info & Cyber Management-PKT


Location:Parktown


Reporting To:Head: Governance, Risk, Compliance & Cyb


Grade:D


Reference:req4277











The closing date is on . It is the responsibility of the applicant to ensure that HR has received the application before the closing date of the advertisement.



Position Purpose
To ensure that Transnet Freight Rail’s (TFR) business environment is safe, secure, reliable and resilient through provision of capabilities designed to protect Technology, Information assets and Infrastructure resources by:Ensuring strategic alignment of information and cyber security in support of business objectives; ensuring availability, confidentiality, integrity, auditability of the TFR’s information systems; ensuring conformity of applicable laws, regulations and standards as well as preventing non repudiation of computer based activities mechanisms. Assisting the business with the selection and implementation of these solutions.



Position Outputs
Strategy
 Leads the design, development and implementation of Information and cyber Security Strategy for TFR Operations Technology and Business Systems, Platforms and Infrastructure environment in line with Group ICT Information and Cyber Security Strategy
 Lead the design, establishment and implementation of Cyber Security Operations Centre Capabilities designed to ensure monitoring of TFR environment and responsiveness to threats and vulnerabilities identified before an incident occurs.
 Align and oversee that all security requirements are met during the IT Strategic Roadmap implementation.
 Ensure IT strategies and roadmap initiatives support and are aligned to the security frameworks and policies in place.
 Ensure enterprise Information Security Architecture is aligned with IT Strategic Roadmap.
 Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholdersInformation and Cyber Security Management
 Design, Develop and implement information and cyber security framework that adequately addresses the key cyber pillars of Identify, Protect, Detect, Respond and Recover in line with best practice frameworks such as COBIT, NIST, ISO and SABSA / TOGAF.
 Oversee and direct information and cyber security activities to execute the information security programme.
 Lead the TFR IT security team: plan, organize, assign, supervise and monitor the work of team members
 Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the TFR’s information security policies.
 Ensure that services provided by other enterprises, including outsourced providers are consistent with established information security policies. Define and maintain the security frameworks for Information Security Architecture, Information Security Management and Information Security Technical Operations.
 Establish constant vigilance over critical information assets.
 Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
 Manage the administration of the facility’s security systems and their corresponding equipment or software, including fire alarms, locks, intruder detection systems, sprinkler systems, and anti-theft measures.
 Support CIO by managing the IT security architecture through effective information security management and technical security operations functions. Establish, control and manage effective mechanisms for resolving all Information security breaches and challenges for TFR.
 Ensure effective management of access to information.
 Ensure effective information security architectures supported by management and technical operations functions.
 Ensure a formal set of processes are in place by which TFR can identify various IT security concerns, gaps and remedial actions to ensure the security of IT operations.
 Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologiesPolicies and Procedures
 Ensure effective IT security frameworks, policies and procedures are in place and updated when necessary.
 Ensure security policies/procedures are defined and implemented across business units and processes.
 Provide Management Information/Reports to the CIO and Business, where necessary, on the status of Information Security and relevant information.Reporting
 Management and Reporting on information security, cyber breaches and risk mitigation.
 Create a culture of high performance, value-for-money, optimisation and innovation in Information and Cyber Security function and manage performance of the team effectively.People Management
 Plan, organise, lead and control subordinate's activities to ensure sub-functional objectives are met or exceeded.
 Manage people development initiatives, succession planning, talent management and performance management to meet functional performance standards.
 Coach team and create a pro-learning environment. Assess team development needs and close gaps.
 Provide technical / professional support to internal and external stakeholders to ensure achievement of functional and organisational objectives.Stakeholder Management
 Build, support and maintain healthy, diverse internal and external relationships (government, authorities and agencies) to ensure achievement of organisational goals. Implement remedial actions where required.Governance /Compliance/Risk
 Monitor and ensure adherence to statutory regulations, organisational standards, policies and procedures.
 Ensure remedial actions are implemented timeously to address non-conformances.
 Establish and maintain a framework to provided assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
 Identity current and potential legal and regulatory issues affecting information and cyber security and assess their impact on the TFR business and operations.
 Establish and maintain information security policies that support business goals and objectives.
 Identify and manage information security risks to achieve business objectives:
 Develop systematic, analytical and continuous risk management process.
 Ensure that risk identification, analysis and mitigation activities are integrated in projects and processes life cycle.Identify and analyze risks through suitable and recommended methods
 Ensure effective and regular communication of new statutory regulations, organisational standards, policies and procedures to ensure full awareness amongst stakeholders.
Financial Management
 Develop and manage OPEX budget.
 Track and monitor expenditure.
 Provide input into ICT overall budget including CAPEXInformation and Cyber Security Programme Management
 Design, develop and implement execution of the information and cyber security programme in line with the ICS Strategy and Roadmap
 Establish and maintain plans to implement the information and cyber security governance framework.
 Design, develop and implement information and cyber security awareness mindset and culture to ensure that business users are vigilant and cyber threat aware.
 Define annual information security budget and obtain Information Security Steering Committee approval.
 Establish and manage capability to response to and recover from disruptive and destructive information systems events:
 Design, elaborate and implement processes for detecting, identifying and analyzing security related events. Develop response and recovery plans including organizing, training, and equipping teams.
 Ensure periodic testing of the response and recovery plans where appropriate.
 Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.Response Management
 Design, develop, coordinate, maintain and supervise implementation of Information and Cyber Security Response Plans in case of Cyber Security Incident.
 Develop response and recovery plans including organizing, training, and equipping teams.
 Establish and manage capability to response to and recover from disruptive and destructive information systems events:
 Design, elaborate and implement processes for detecting, identifying and analyzing security related events.
 Ensure periodic testing of the response and recovery plans where appropriate.



Qualifications and Experience
Qualifications & Experience:
• Bachelor’s Degree or Equivalent qualification in Information Technology and/or Computer Science
• Post-Graduate qualification an added advantage

Certifications (at least one of the certificates issued by a recognized professional organization)
• A Certified Information System Security Professional (CISSP) and/or
• Certified Information Security Manager (CISM) and /or equivalent certification from a recognised professional organisation is required.

Minimum 8 – 10 years experience in Information and Cyber Security Discipline within IT and business/industry work experience including design and deployment of Information and Cyber security programmes, Cyber Tools lifecycle management in line with Information and Cyber Security Architecture Strategy and Roadmap.
At least 3 years of experience must be in a leadership position managing multiple large, cross-functional teams or projects, and influencing senior level management and key stakeholders.
• Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19
• Must undergo Lifestyle Audit
General:
• Valid Drivers License Code ’08
• Willing to Travel




Competencies
• Strategy & Sustainability.
o Strategic Thinking: Implements strategies and business plans to achieve the overall organisations direction
o Commercial awareness: Keeps abreast of internal and external factors that can impact the business.
o Innovating: Generates new ideas or solutions by thinking ""outside of the box""; reviews current processes or systems and identifies ways to optimise them.

• Business Performance and Delivery
o Lead Business Performance: Supports the business to be more efficient and effective.
o Business Acumen: Understands and deal with various business situation using obtained knowledge and a broad spectrum of expertise.
o Analysing: Thinks in a systemic way but is open to new approaches.

• Relationship Management
o Communicating Effectively: Communicates the business strategy and objectives in a clear and manner.
o Collaborating and Networking: Build wide and effective relationships with people inside and outside of the organisation to deliver on Project Factory initiatives.

• Corporate Governance & Compliance
o Leading Governance: Always work in the best interest of the organisation and aligns business practices to the ethical obligations and good corporate governance.
o Leading Risk Management: Identifies areas of risks and implements corrective actions to mitigate the impact of risks to ensure overall sustainability.

• Personal Mastery
o Learning and Applying Expertise: Dedicated to continuous learning and self-improvement.
o Resilience: Manages pressure effectively and copes well with criticism and setbacks.
o Emotional Intelligence: Is aware of own leadership styles and is able to adapt style to enhance team and business performance.
o Vigour & Personal Drive: Accepts and tackles demanding goals with enthusiasm. Works hard and shows energy and persistence to achieve high quality results. Is a role model for others who strive for personal excellence.



Equity Statement
Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.


Disclaimer
If you have not heard from Transnet within 90 days, please consider your application as unsuccessful.
Transnet, its employees or representatives never ask for a fee from job seekers. Any such requests are fraudulent. Please report any suspicious activities in this regard to the Transnet anti-fraud line on 0800 003 056 or email reportit@ethicshelpdesk.com