Imperial is an African provider of integrated market access and logistics solutions. By focusing on the following key industries – healthcare, consumer, automotive, chemicals, industrial and raw materials – we bring the products of our customers and constituents to some of the most dynamic and challenging markets in the world. As a global logistics leader, we research and leverage new technologies to deliver innovative end-to-end solutions. Through our large African footprint and international expertise, and with the support of our 25,000 people, Imperial’s goal is to connect Africa and the world – and improve people’s lives with access to quality products and services. Imperial became a 100% owned company of DP World in March 2022.
- The Imperial Logistics Africa business is the leading logistics provider in South Africa and one of the largest on the African continent, providing contract logistics, road freight and master logistics provider solutions.
- Imperial Logistics International, headquartered in Duisburg, Germany, is responsible for all Group logistics activities (including contract logistics and freight) outside of Africa.
- Imperial’s Market Access business develops complex market access solutions that provide constituents with access to patients and consumers across Africa through comprehensive channel strategies that integrate supply, sales, demand generation, distribution, marketing and promotions.
Purpose of the position
- Specify, implement and manage information security controls in the CIC/CB Imperial Logistics landscape
- The main responsibilities of this role include:
- Working with the executive: digital and IT security for
- Identify appropriate information security controls for the Imperial environment
- Implement these controls, either through direct action or in liaison with the operational IT teams
- Monitor the success of these implementations and correct as necessary
- Continuous security event monitoring, response and remediation
- Contribute to project teams by providing information security guidance on system designs and processes, and testing solutions as necessary
- Contribute to technology selections by defining information security requirements, evaluating vendor responses, and providing recommendations for technology selections
- Liaise with the architecture team as needed to establish an approved information security architecture
- Liaise with stakeholders as needed to respond to information security questions and issues that may arise
- Work with the Privacy Office to implement privacy controls
- Provide summaries and reports to CISO, Risk Forums, EXCO and Audit as required
- Manage or participate in the management of security incidents that may arise
- Manage and participate in remediation activities identified during assessments, penetration testing or breaches
- Represent the Imperial Information Security Office to internal and external stakeholders as required.
- Perform forensic analysis of security incidents as appropriate
- A professional certification, such as a CISSP, CISM, CISA, or other security credentials is preferred.
- Minimum of three to five years of experience in a combination of risk management, information security or IT jobs.
- Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate safety and risk-related concepts to technical and non-technical audiences.
- Must be a critical thinker with strong problem-solving skills.
- Knowledge of technology trends and developments in the field of information security and risk management.
- Project management skills: planning and resource management.
- Proficiency with personal computers; experience with productivity software, such as Windows, Microsoft Office software, etc.
- Experience in contract and supplier negotiations.
- High level of personal integrity and ability to deal professionally with confidential matters and to exercise the appropriate level of judgment and maturity.
- High degree of initiative, reliability and ability to work with little supervision.
- Sufficient knowledge to propose relevant IT responses to the evolution of information security and regulatory risks.
- Ability to lead and motivate cross-functional and interdisciplinary teams to achieve tactical and strategic objectives.
- Ability to understand and respond to operational security risks
- Proven ability to communicate with people at all levels – from developers to board
- Excellent at writing business cases and responding to senior management and auditors
- Knowledge of security and control frameworks, such as ISO/IEC 27001/2, SABSA, COBIT and ITIL.
- Familiarity with key information security technologies, including:
  - Anti-malware solutions including EDR, MDR and XDR
  - Perimeter defense technologies including DMZs, firewalls, proxies and gateways
  - Assessment mechanisms, including vulnerability scanning, penetration testing, and configuration reviews
  - Email security including header scanning, DMARC and SPF
  - Multi-factor authentication
  - Appropriate use of relevant technical security standards such as WPA, OWASP and TLS
  - The implementation, use and limitations of encryption technologies
  - The implementation, use and limitations of key information security technologies such as DLP, SIEM and CASB
- Familiarity with attack vectors as described in the MITRE framework, including phishing and its variants, malware, XSS, SQL injection, password spray attacks and others
We are committed to employment equity when recruiting and as such, preference will be given to candidates who match our equity goals. If you have not received a response within 4 weeks of the closing date of this announcement, please consider your application unsuccessful.
- CISA or other information security credentials
- information security or IT jobs
- Excellent written and verbal communication skills
- interpersonal and collaborative skills
- experience with productivity software
- Project management
- Microsoft Office
- personal skills.
- Customer relationship
Desired work experience:
- 2 to 5 years Systems / Network Administration
Desired level of qualification: