Manager : IT Security and Monitoring

Applications are invited for the position of Manager : IT Security and Monitoring (Peromnes Grade 7) based at Head Office, Bruma. The successful applicant will be reporting to the Head of SecDevOpsPurposeTo provide assurance that ATNS information assets are adequately protected through the development, establishment and maintenance of enterprise-wide information security governance and protocols that include IT security policies, technology, compliance, and cybersecurity operational intelligence plans and initiatives. To develop and implement risk-based cybersecurity governance and protocols able to protect the organisation’s data and information at all times. To manage and ensure compliance with relevant legislation and Technology & Information standards, protocols and governance requirements. To develop data governance frameworks to ensure data security and the optimisation of data confidentiality, integrity and availability. To provide assurance that best practice control objectives for system integrity, availability, confidentiality and accountability are met. To ensure a secure, reliable and stable IT environment through the continuous scanning and monitoring of all IT cyber security domains, i.e. networks, firewalls, anti-virus, mobile devices, patch management, and the regular updating of network anti-virus spyware, malware and greyware software. To manage security platforms and identify and mitigate cyber security risks through the deployment of effective technologies, processes, and the creation of awareness. To ensure continuous vulnerability management on CNS systems by performing regular cybersecurity obligations, threat context. and exposure and risk to establish maturity. To investigate security incidents / events in order to ensure that the IT security posture remains intact and to improve the security status of the organization. To ensure that identified Business Continuity risks are mitigated and addressed and that data recovery plans are in place to ensure business continuity in case of a disaster of any kind. To develop, implement and monitor information security and disaster recovery plans for organisational information, communications and information technology in accordance with ATNS and regulatory information security standards and relevant governance requirements. To ensure the implementation of awareness campaigns, and that implementation of ATNS Safety, Security, Health and Environment Plan initiatives are enforced across the organization.

Cyber Security Management – Develop and implement risk-based cybersecurity strategy, governance and protocols able to protect the organisation’s data and information at all times. Manage cybersecurity threats and incidences through the understanding, detection and analysis of potential emerging and actual information security threats and vulnerabilities, and the implementation of control measures to minimize or avoid the impact thereof on systems availability and business operations. Lead and direct the selection, utilisation and adoption of cybersecurity products and associated licensing models for the organization. Guide the development of monitoring and tracking systems for potential and emerging cybersecurity threats and control measures and manage cyber incidents efficiently to minimize its impact on the availability of systems and disruption of business operations. Manage the operations and controls of the Information Security Management System (ISMS) in line with KING III and ISO 27000. Manage the implementation of key information security projects. Obtain internal and external security intelligence for investigation of security incidents. Manage investigations, responses and actions of information security incidents. Write incident reports and submit to the Head for decision‑making purposes. Identify, apply and ensure adherence to good information security practices. Source and implement security measures to required business standards and requirements. Ensure that identified Business Continuity risks are mitigated and addressed. Investigate calls related to the recovery of deleted files by analysing and interpreting data linked to crime, and uncovering links between events, groups and individuals through the pursuit of data trails. Maintain detailed records of investigations for audit purposes and to be used as evidence in court.

Monitoring

Manage the continuous scanning and monitoring of all IT cyber security domains, i.e. networks, firewalls, anti‑virus, mobile devices, patch management. Ensure regular updating of network anti‑virus spyware, malware and greyware software. Ensure continuous management and monitoring of threats and vulnerabilities. Analyze and assess potential security risks, develop plans and put measures in place such as firewalls and encryption, and monitor and audit systems for abnormal activity to deal with security incidents. Make recommendations based on various monitoring outputs to improve the security status of the organization. Scan and monitor all IT cyber security domains on a continuous basis. Monitor the governance aspects related to ICT security within ATNS to ensure the security of data and information and that required standards are maintained. Monitor adherence to policies and processes related to ICT Security. Ensure that routine standard operating procedures are documented, kept up to date and followed. Prepare ICT security reports for the Integrated Security Forum. Ensure continuous vulnerability management on CNS systems by performing regular cybersecurity obligations, threat context and exposure and risk to establish maturity. Support the use of secure private cloud‑based SaaS, PaaS and IaaS solutions, leveraging enterprise agreements where possible to advance the ATNS cloud strategy. Monitor and ensure that security is an intrinsic element in ATNS software development processes. Keep abreast of technology trends, local and global regulatory requirements, and best practices in solution delivery and application management.

Security Investigation Management

Manage the investigation of security incidents / events to ensure that the IT security posture remains intact. Ensure that forensic investigations receive the support required. Operate and control the Information Security Management System (ISMS) in line with KING III and ISO 27000 governance requirements. Manage the implementation of key information security projects. Conduct information gathering on internal and external security intelligence for investigation into security incidents. Write incident reports and submit to the Head for decision‑making purposes. Identify and implement suitable tool sets to manage the security environment. Ensure effective management of security events.

Stakeholder Relations Management

Maintain constructive and productive stakeholder relations across the business, and with vendors and relevant external parties to support collaboration and alignment. Manage outputs by third‑party suppliers to ensure optimum value.

Governance, Compliance, Risk Management & Reporting

Develop, implement and manage organisation‑wide ICT security processes, programmes and controls to ensure the availability, integrity and confidentiality of information resources. Ensure compliance with all IT policies, procedures and standards relating to IT Security Systems with applicable security governance and standards. Manage configuration and change control records with regards to IT Security Systems activities. Ensure and report on IT DRP exercises that are conducted with business on all IT Security Systems as well as make recommendations for continues improvement in order to ensure business continuity (all managers governance section). Assist with the development and review of current disaster recovery management plan (all managers governance section). Identify key risks, develop and implement effective mitigating plans and actions in order to avoid or minimise relevant risks, and report and raise these risks in the appropriate forums. Conduct high level security audits. Manager IT risk audits to provide an integrated view of IT‑related risks. Develop and maintain a clear national governance and accountability framework for civil aviation cybersecurity. Ensure compliance with relevant regulation and legislative requirements including POPIA, GDPR, ECT, etc. Ensure that effective data recovery plans are in place to ensure business continuity in case of a disaster or potential threats. Ensure adherence and compliance with the relevant regulatory framework. Select, apply and ensure adherence to good information security practices. Identify the key IT security risks across the business and raise in applicable forums. Ensure that the Business Continuity risks related to cyber security are mitigated and addressed. Ensure that the security architecture meets the minimum performance and availability requirements and that it is in line with the overall ICT strategy and cyber security requirements of the organization. Manage the dependencies between the various areas of the business and ensure that all security components are aligned. Ensure training of all users on the applicable compliance and governance requirements. Ensure timely compilation and submission of all required reports (internal and external) to ensure compliance with all governance requirements.

Financial Management

Participate in the planning and development of the security management budget. Manage delegated expenditure in line with business objectives and priorities, and within approved financial parameters. Report on all costs incurred against the approved budget, including possible variances. Ensure compliance with Finance policies, processes and guidelines.

People Management

Manage employees in accordance with HC policies and processes. Ensure that new employees have been properly on‑boarded and trained prior to commencing work. Monitor the time and attendance of subordinates, take appropriate action in the case of absenteeism, and report to the Head and Human Capital. Participate in the conclusion of performance management contract(s) and monitor performance. Manage the performance of direct reports in line with the performance management process. Conduct talent reviews of staff as required by the HC Talent Management process. Mentor and coach staff as required to ensure continuous development and availability of the required at all times. Ensure the