Information Security Officer (Cyber Security Specialist)

Johannesburg, Gauteng
Work Type: Full Time


Our client, an established and reputable company offering water, waste, and energy solutions, is seeking a Dynamic, Confident and Ethical Leader to take on the role of Information Security Officer (Cyber Security Specialist) - to report to the IS&T Manager.

The candidate will be required to provide advice, assistance, information, training and alerting, and will have the authority to intervene on all or part of the information systems of their BU and its subsidiaries and will be required to carry out a technological and regulatory watch in their field and propose changes to guarantee the security of the information systems as a whole.

 The candidate will fit in best with the company culture if they value honesty, integrity, reliability, and can interact, communicate with, and share knowledge with colleagues at all levels, whilst treating them with the utmost respect and professionalism.


1) Definition and implementation of the information systems security policy:

  • Defines the objectives and needs related to cybersecurity for the BU and its subsidiaries, in collaboration with the relevant actors (general management, information systems management, human resources management, business management, finance and others).
  • Drafts the associated security procedures in collaboration with the relevant players.
  • Implements the cybersecurity policy, ensures its evolution and updates.
  • Sets up an organization to ensure the long-term governance of the BU's cybersecurity.

2) Diagnosis and analysis of the cyber risks of its perimeter with the Themis group tool:

  • Assesses cyber IT risks with the assistance of the BU Information System Department
  • Assesses cyber OT risks with the assistance of the BU's industrial security correspondent or manager.

3) Selection of security measures and implementation plan :

  • Studies the means of ensuring the security of information systems and their proper use by all the players in its scope.
  • Proposes a list of security measures to be implemented to the authorities within its scope of responsibility, for their approval, and ensures the follow-up and development of this action plan over time (the action plan is accompanied by resource requirements).
  • Ensures project management of the implementation of security measures (this mission, depending on the type of technical or organizational measure, may be shared with a business manager or the head of the information system) and reports to the group DSSI on progress.

4) Development of the cybersecurity culture, awareness, training and consulting on cybersecurity issues:

  • Regularly informs and raises awareness among the management of its BUs and subsidiaries about cybersecurity issues and risks.
  • Conducts awareness-raising and training activities for users on cybersecurity issues.
  • Participates in the creation of the information systems security charter for its perimeter (if there are local specificities to be taken into account) and ensures its promotion to all users of its establishments.

5) Audit and control of the application of group and local cybersecurity policies:

  • Conducts regular security audits of IT and OT information systems in order to verify the proper application of group and local cybersecurity policies by the actors of its BU and its subsidiaries.
  • Monitors and manages security incidents that occur within its BU and subsidiaries - adopts and applies the group's incident, alert and crisis management procedures.
  • Verifies the integration of cybersecurity in all projects of his BU and its subsidiaries.

6) Technology watch and foresight:

  • Monitoring local regulatory and technical developments to ensure that cybersecurity policies are in line with these developments.


  • Ideally a Bachelor's or Master's degree with additional specialization in Information Systems Security.
  • Professional security management certification, such as CISSP, CISA, CISM or CISP.
  • Technical executive with proven experience in project management in an industrial environment
  • Knowledge of technical concepts of industrial computer applications, computer networks and security mechanisms.
  • Proven ability to Implement cybersecurity procedures and tools
  • Thorough Knowledge of ISO 2700x security standards.
  • Proven ability to use and implement audit techniques and procedures.
  • Proven Success in Managing risks and Crisis Situations (financial, human, technical): anticipation, identification, implementation of corrective actions.
  • Significant experience in the negotiation and management of cross-functional SSI projects.
  • Legal knowledge of information systems security, and particularly of the texts regulating the industries.
  • Ability to Design and adapt communication media and/or documentation according to the messages and targets
  • Ability to Adapt oral interventions to the subject and to the interlocutors
  • Ability to communicate / share knowledge and know-how
  • Commitment to carry out its mission and set its organization in an autonomous way
  • Ability and confidence to make decisions (respect of commitments...)
  • Ability to argue one's decisions in order to convince and to obtain support
  • Exceptional sense of confidentiality and ethics
  • Ability to adopt an appropriate relational behaviour
  • Outstanding Leadership with the ability to lead working groups, awareness sessions and training.
  • Natural ability to demonstrate diplomacy and pedagogy
  • Proven successful ability to organize and lead change
Talent Partner:
Lauren Marot
Market Related for Mid-Level position

Submit Your Application

You have successfully applied
  • You have errors in applying