Ensures the implementation of the organisation’s information security policy by the secure and appropriate use of ICT resources.
Defines, proposes and implements necessary information security techniques and practices in compliance with information security standards and procedures. Contributes to security practices, awareness and compliance by providing advice, support, information and training.
- Evaluate information security risks, threats and consequences and take appropriate action
- Provide information security training and education
- Provide technical validation of security tools, implement, configure and manage appropriate tools
- Contribute to the definition of and actively promote information security standards and procedures throughout the IT and IT user communities
- Identify and remediate security vulnerabilities
- Monitor security developments to ensure the continued efficiency and effectiveness of information security processes and controls
- Proactively evaluate new threats and counter potential information security incidents
Implements security techniques on all or part of an application, process, network or system within area of responsibility
Exploits wide ranging specialist knowledge of new and emerging technologies, coupled with a deep understanding of the business, to envision and articulate solutions for the future. Provides expert guidance and advice, to the leadership team to support strategic decision-making.
Applies independent thinking and technology awareness to lead the integration of disparate concepts for the provision of unique solutions.
Exploits depth of expertise and leverages external standards and best practices.
Acts creatively to analyse skills gaps; elaborates specific requirements and identifies potential sources for training provision. Has specialist knowledge of the training market and establishes a feedback mechanism to assess the added value of alternative training programmes.
Decides on appropriate actions required to adapt security and address risk exposure. Evaluates, manages and ensures validation of exceptions; audits ICT processes and environment.