Coca-Cola Beverages Africa (CCBA) presents an exciting opportunity for an experienced Chief Information Security Officer (CISO) to join the Security Team in the Information Technology (IT) department at CCBA. The CISO is a key senior management position in the business and requires a strategic and proactive mindset to identify and minimize risk and to define appropriate strategies to ensure optimal information security for CCBA. This person is an expert leader who is accountable for ensuring the security of all IT infrastructure, systems, platforms, and data for CCBA. The applicant may reside in any of the countries in the CCBA footprint: South Africa, Ethiopia, Kenya, Uganda, Tanzania, Ghana, Mozambique, Botswana, Namibia and Zambia.
The successful applicant will report to the Chief Information Officer.
Coca-Cola Beverages Africa is the largest African Coca-Cola bottler, accounting for 40% of all Coca-Cola volumes on the continent. CCBA is a NARTD market leader in Africa. CCBA has an extensive footprint in Africa, employing over 16 000 employees. CCBA's vision is to Refresh Africa every day and make the continent a better place for all, growing successfully as a business and creating a better shared future for our people, customers, consumers, communities, planet and shareholders.
The CISO manages a team of Information Security experts and a range of service providers. This role has a high impact on business operations and business continuity, as it is responsible for the establishment and enforcement of all Information Security services related to governance for CCBA. These services and solutions include:
Confidentiality, Integrity and Availability of Information Systems and Assets
Cyber risk and cyber intelligence
Access and Identity management
Security / Cyber Security Awareness and Communication
IT Risk Management
Security Governance and Compliance
Security Investigations and Digital Forensics
Related Policy and Process mapping, development, and updates
Manage the internal and external IT audit process
Key Duties & Responsibilities
Continuously staying up to date and researching Information Security best practices, tools, and trends.
Contributing to technology roadmap development and architectural design for the enterprise IT landscape from an IT security perspective.
Acting as expert and advisor in instances where strategic business decisions are being made and information technology solutions are being designed and planned.
Analysing cyber security trends in the FMCG manufacturing industry and the information technology market to identify emerging threats and solutions.
Analysing current internal cyber security solutions to identify weaknesses, as well as areas for improvement.
Developing a short, medium and long-term strategy and execution plans for the IT security team with a key focus on Information Security while supporting IT cost optimisation and IT value realisation.
Compiling and setting budgets for the IT Security team.
Contributing to the compilation of the IT department’s overall budget.
Communicating the IT Security strategy, execution plans and roadmaps with relevant IT and business colleagues as well as with external key stakeholders.
Collaborating with the senior leadership team to craft the short-, medium- and long-term Information Technology strategy for the CCBA enterprise.
Ensuring the continuous development and growth of members of the IT Security team by ensuring that training, learning, and mentoring are planned and available.
Regularly engaging with business stakeholders, business partners and architects to understand the IT security requirements.
Maintaining the OPEX and CAPEX budgets for IT Security and managing and controlling team spend and expenses.
Delegating the IT security projects, duties and responsibilities to members of the IT Security team or outsourced service providers.
Monitoring the work and performance of the IT Security team members on a continuous basis.
Monitoring the progress of service delivery, project execution and work tasks to ensure that they are aligned with the plans and meet internal standards for delivery.
Ensuring the formulation, testing and communication of a business continuity and disaster recovery plan.
Tracking and reporting against IT Security team annual goals.
Mandating the sourcing or development of relevant security governance standards and policies.
Overseeing the implementation and maintenance of the most current version of the CCBA IT Security Controls.
Instructing the responsible parties to conduct regular security audits.
Reviewing the results of compliance inspections and security audits and addressing any issues arising.
Determining methods and solutions to ensure that users are familiar with IT Security Governance requirements through the delivery of training programmes and that the necessary level of security awareness exists.
Supporting efforts to move towards Agile and DevOps culture and work practices.
Ensuring audit and security compliance for all practices, projects, and tools.
Defining the process and establishing the standards for the selection of service providers and vendors that deliver core security services.
Working with the IT security team to identify areas of the function where an outsource model will be more beneficial to the CCBA business.
Contributing to the requirements specification for the RFP, participating in evaluating and shortlisting service providers and managing the final negotiations and contracting.
Establishing a professional partnering relationship with key vendors and service providers and acting as a reasonable and good customer to vendors.
Meeting regularly with senior level business stakeholders to identify, agree and understand their IT security requirements for their relevant business area.
Keeping in contact with the users of the IT security solutions to ensure that work priorities and solution features align with user requirements.
Representing CCBA-IT at key governance and control forums such as CCBA Governance, Finance and Audit Committee and the TCCC Security forums.
Meeting regularly with the IT Leadership team members and his/her manager to report progress, raise issues and brainstorm solutions.
Meeting regularly with the IT Security team to plan work and to track the progress of projects underway.
Supporting internal improvement initiatives within the IT department to ensure continuous business improvement.
Skills, Experience & Education
The minimum qualification required for this position is a first degree in Information Technology, Computer Science, or Information Systems.
A further degree would be an advantage.
Other Qualifications (six or more, including ITIL):
Certified Ethical Hacker (CEH)
NIST Cybersecurity Framework (NCSF)
Certified Cloud Security Professional (CCSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Information Privacy Technologist (CIPT)
Computer Hacking Forensic Investigator (CHFI)
Cisco Certified Network Associate – Security (CCNA)
Professional Cloud Security Engineer (PCSE)
CompTIA Security+ Certification
ITIL V4 Managing Strategic Leader
12 to 14 years general work experience with at least 6 years relevant experience in governance, risk, and compliance.
The advert has minimum requirements listed.
Management reserves the right to use additional or relevant information as criteria for short-listing.