Key Accountabilities : o Activity 1: Security architecture/engineering • Develop security architecture; recommend and coordinate the implementation of technical controls to support and enforce defined security policies. • Research, evaluate, design, test, recommend or plan the implementation of new or updated cybersecurity technologies or services, and analyze their impact on the existing environment. • Conduct market research and drive tenders to select security solutions and vendors. • Provide technical and managerial expertise for the administration of security tools. • Work with the IT and business teams to ensure that there is a convergence of business, technical and security requirements. • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of services or technologies (hardware, applications and software). o Activity 2: Operational Support • Coordinate, measure and report on the technical aspects of security management. • Manage outsourced vendors that provide security functions for compliance with contracted service-level agreements. • Monitor security solutions to determine trends and identify security incidents. • Manage and coordinate operational components of security incident management, including detection, response and reporting. • Research and assess new threats and security alerts, and recommend remedial actions. • Execute or supervise vulnerability and penetration tests, recommend treatment plans and track status. • Manage security projects and provide expert guidance on security matters for other IT projects. • Assist and guide in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans. • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks. o Activity 3: Strategic Support • Manage the process of gathering and assessing the current and future threat landscape, as well as providing with a realistic overview of risks and threats in the enterprise environment. • Analyzes and makes recommendations to improve network, system, and application architectures. • Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. • Assists in the review and update of information security policies, architectures and standards. • Assists in responding to audits, penetration tests and vulnerability assessments. • Translate IT-risk requirements and constraints of the business into technical control requirements and specifications. • Coordinate the IT organisation’s technical activities to implement and manage security infrastructures. • This list is not exhaustive; the functions are by nature scalable and may be changed by the company according to the operational needs of the company and of the Department.