Information Security Officer at Serena Hotels

Under the direction of Group IT Manager, the information security officer is overall responsible for IT security, driving the IT security strategy and implementation forward whilst protecting the business from security threats and cyber-hacking. Operational compliance to all Policy, Procedures and standards is the responsibility of the Information security Officer. This role is group-wide and will commonly involve working with the hotel IT managers, systems administrator, consultants and auditors.

The incumbent will be responsible for the following key result areas:

• Directly involved:
• Formulating and implementing a strategy for the deployment of information security
  Performing formal security audits and risk assessments with a view to minimize exposure
• Monitoring security vulnerabilities and hacking threats in network and host systems
• Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
• Implementing an effective process for the reporting of security incidents and communicating with key stakeholders about IT security threats
• Monitoring the daily operation and implementation of the IT security strategy
• Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
• Managing the IT security budget and communicating this with the appropriate parties
• Implementation of Network & Server Security including firewalls and patch management
• Continually review IT Security installations and incorporate improvements and innovations as a matter of routine.
• Review and enforcement of the IT policies, procedures and standards
• Develop and deliver training/guidance verbally, written or within training workshops as appropriate to IT Team and IT Systems Users
• Assist with legacy application security enhancement
• Assist with security on Serena’s e-commerce platforms
• Indirect through Site IT teams
• Ensure ICT Policy, Procedure and Standards implementation plan is developed and actioned
• Ensuring disaster recovery and business continuity plans are up-to-date
• Overseeing the investigation of reported security breaches
• Monitor Information System audit issues
• Follow-up IT security tasks
• Implementation of Network, Servers and workstation Security

Knowledge, Skills & Experience required:

• A Bachelor's degree in Computer Science or closely related discipline
• CISM or CISSP Certification. Any other security certification will be an added advantage
• Minimum of 3-5 years’ experience in a similar position is essential
• Excellent verbal, written and interpersonal skills.
• Proven leadership skills
• Self-motivated and a good team player.
• Must have in-depth knowledge of business processes as well as process controls and risks and how these relate to relevant IT audit procedures.
• A proven record of dealing with complex projects and meeting conflicting demands
• Knowledge of Network monitoring tools, Traffic analysis and intrusion detection systems
• Knowledge of information security management best practices such as ISO 27000
• Knowledge of threat and vulnerability analysis, risk assessment business impact analysis
• Experience of writing effective security policies and procedures

The remuneration package for the position will be commensurate with the candidate’s qualification and experience.