Information Security Manager

Information Security Manager

Responsibilities

Strategic Leadership & Governance

• Develop and maintain The Companys enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.

• Establish and enforce security governance frameworks policies and standards.

• Ensure alignment with the NIST Cybersecurity Framework (Identify Protect Detect Respond Recover) and Joint Security Standards.

• Lead the implementation of relevant security compliance initiatives.

• Collaborate with divisional CIOs and executive leadership to align security posture across business units.

• Monitor emerging threats regulatory changes and industry trends to inform strategic decisions.

Architecture & Identity Management

• Design secure solutions for hybrid environments (on-premises Azure).

• Integrate security into infrastructure and application projects.

• Manage identity and access controls including Azure AD MFA and privileged access management.

Security Operations

• Manage day-to-day security monitoring incident handling and threat intelligence.

• Administer Microsoft 365 security features: Defender for Endpoint Purview Sentinel Conditional Access etc.

• Ensure endpoint network and cloud security controls are effectively implemented and monitored.

• Implement and enforce BYOD policies including MDM DLP and secure access controls.

• Secure branch office networks including firewalls VPNs segmentation and remote access protocols.

Financial Management

• Develop and manage the annual cybersecurity budget including licensing tools training and consulting services.

• Track and report on security-related expenditures ROI and risk mitigation outcomes.

• Support procurement and vendor management for security solutions.

Cyber Security Operations Center (SOC) Oversight

• Oversee 24/7 SOC operations to ensure effective threat detection incident response and escalation.

• Define SOC roles workflows and incident response playbooks.

• Integrate SIEM SOAR and threat intelligence platforms for proactive defense.

• Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).

• Coordinate with external threat intelligence providers and law enforcement when necessary.

Security Technology Lifecycle Management

• Oversee the deployment maintenance and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.

• Ensure timely patching configuration updates and feature adoption.

• Maintain compatibility and integration of security tools with The Companys hybrid infrastructure.

• Document system configurations and update operational procedures regularly.

Risk Management & Compliance

• Conduct regular risk assessments vulnerability scans and penetration tests.

• Ensure compliance with POPIA GDPR NIST CSF JSS and other relevant regulations and frameworks.

• Maintain a risk register and track mitigation actions.

• Coordinate internal and external audits and ensure timely remediation of findings.

Awareness Education & Training

• Lead organization-wide cybersecurity awareness programs.

• Deliver targeted training for IT business and executive teams.

• Promote secure behavior and incident reporting culture.

Team Leadership & Culture

• Build and lead a high-performing cybersecurity team including SOC analysts engineers and compliance specialists.

• Define clear roles responsibilities and performance expectations.

• Conduct regular coaching performance reviews and career development planning.

• Foster a culture of accountability innovation and continuous improvement.

• Promote cybersecurity awareness and ownership across all departments.

Reporting

• Prepare operational and executive-level reports on security posture risk exposure and compliance status.

Minimum Requirements

• Bachelors degree in Computer Science Information Technology or related field.

• 8 years of IT Security experience with at least 5 years in a leadership role.

• Industry-recognized certifications: CISSP CISM or equivalent.

• Microsoft Certified: Cybersecurity Architect Expert.

• GIAC Security Operations (GSOM) or equivalent SOC certification.

• Familiarity with scripting (PowerShell Bash) and automation tools.