Job Description
We are seeking an experienced and skilled IT Security Manager to oversee the security of our IT infrastructure and operations, ensuring the protection of critical payment systems and company information assets. The ideal candidate will possess a strong background in IT security practices, security governance, and vulnerability management. This role will require managing and maintaining IT security operations, overseeing security policy implementation, and ensuring compliance with industry security standards such as ISO 27001:2013.
Key Responsibilities:
- Security Management for Payment Systems:
Oversee quarterly checks for critical payment systems, ensuring payment token/certificate reviews and assessments are carried out on time and in compliance with security policies. - Configuration Management:
Demonstrate comprehensive knowledge of security configurations across complex IT environments, including VMware Server Farms, Networks, Windows Active Directory, Identity and Access Management (IAM), and IT patch management. - Security Operational Procedures:
Manage and update IT Security operational documentation and procedures, ensuring alignment with local, regional, and Head Office security policies (HOP’s and IOP’s). - Security Incident Management:
Manage and address IT security issues and incidents, ensuring adherence to security principles, policies, and best practices. - Vulnerability and Threat Management:
Oversee vulnerability management and security threat prevention across information assets. Ensure systems, infrastructure, and applications are regularly patched from a security perspective and that proactive threat assessments are conducted. - IT Security Governance:
Develop, update, and enforce IT Security procedures, manage threat scenario testing, evidence gathering, and threat prevention activities. Ensure compliance with industry standards and frameworks, such as ISO 27001:2013. - Internal Security Exercises and Reviews:
Lead the creation and execution of internal security tabletop exercises, conduct internal security evidence reviews, and ensure the identification and mitigation of security gaps. - Change and Release Management:
Responsible for IT Incident, Change, and Release Management in relation to security reviews during IT Change Advisory Board (CAB) meetings. - Application System Updates and Patches:
Execute application system updates, patches, and new releases based on internal IT requests, ensuring minimal security vulnerabilities. - Security Tools and Software Management:
Manage security tools and software, including Security Patch Management, Network Configuration Management (NCM), Privileged Access Management (PAM), Security Information and Event Management (SIEM), Vulnerability Management tools, and IT Security Audit tools.
- Educational Requirements:
A relevant tertiary qualification in Information Technology, Cybersecurity, or a related field.
OR
Security certifications such as CISSP, CISM, CISA, or other industry-recognized IT security certifications are highly desirable. - Experience:
At least [X] years of experience in IT Security, with a strong focus on security management within complex IT environments (e.g., VMware, Active Directory, Identity and Access Management, Patch Management, etc.).
Proven experience in managing security for critical payment systems and security patch management processes. - Technical Skills:
- Strong expertise in Windows Operating Systems, VMware virtualization administration, and VDI (Horizon).
- In-depth knowledge of IT Security frameworks (ISO 27001:2013, etc.), vulnerability management, and IT security incident management.
- Hands-on experience with security management tools and solutions (SIEM, PAM, NCM, Vulnerability Management, etc.).
- Solid understanding of network security, firewall management, and infrastructure security.
- Soft Skills:
- Excellent communication and interpersonal skills to collaborate effectively across teams.
- Strong problem-solving ability and attention to detail.
- Proven leadership and management experience in an IT security context.
- Ability to work under pressure and handle multiple priorities effectively.
- Ability to manage IT security-related tasks within a regulated environment.
- A proactive approach to identifying potential security threats and vulnerabilities.
- Willingness to engage in continuous professional development to stay ahead of emerging threats and technologies.
