Information Security Officer at Serena Hotels

Under the direction of the Group IT Manager, the Information Security Officer is overall responsible for IT security, driving the IT security strategy and implementation forward whilst protecting the business from security threats and cyber-hacking. Operational compliance with all Policies, Procedures and standards is the responsibility of the Information security Officer. This role is group-wide and will commonly involve working with the Hotel IT Managers, Systems Administrator, Consultants, and Auditors.

Responsibilities

The incumbent will be responsible for the following key result areas:

Directly involved:

• Formulating and implementing a strategy for the deployment of information security
• Performing formal security audits and risk assessments with a view to minimizing exposure
• Monitoring security vulnerabilities and hacking threats in network and host systems
• Tracking the latest IT security innovations and keeping abreast of the latest cybersecurity technologies
• Implementing an effective process for the reporting of security incidents and communicating with key stakeholders about IT security threats
• Monitoring the daily operation and implementation of the IT security strategy
• Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
• Managing the IT security budget and communicating this with the appropriate parties
• Implementation of Network & Server Security including firewalls and patch management
• Continually review IT Security installations and incorporate improvements and innovations as a matter of routine.
• Review and enforcement of the IT policies, procedures, and standards
• Develop and deliver training/guidance verbally, written, or within training workshops as appropriate to IT Team and IT Systems Users
• Assist with legacy application security enhancement
• Assist with security on Serena’s e-commerce platforms
•  
• Indirect through Site IT teams
• Ensure ICT Policy, Procedure, and Standards implementation plan is developed and actioned
• Ensuring disaster recovery and business continuity plans are up-to-date
• Overseeing the investigation of reported security breaches
• Monitor Information System audit issues
• Follow-up IT security tasks
• Implementation of Network, Servers, and workstation Security

Knowledge, Skills & Experience required:

• A Bachelor's degree in Computer Science or a closely related discipline
• CISM or CISSP Certification. Any other security certification will be an added advantage
• Minimum of 3-5 years experience in a similar position is essential
• Excellent verbal, written, and interpersonal skills.
• Proven leadership skills
• Self-motivated and a good team player.
• Must have in-depth knowledge of business processes as well as process controls and risks and how these relate to relevant IT audit procedures.
• A proven record of dealing with complex projects and meeting conflicting demands
• Knowledge of Network monitoring tools, Traffic analysis, and intrusion detection systems
• Knowledge of information security management best practices such as ISO 27000
• Knowledge of threat and vulnerability analysis, risk assessment business impact analysis
• Experience in writing effective security policies and procedures