Coca-Cola Beverages Africa (CCBA) presents an exciting opportunity for an experienced IT Security Assurance Specialist, to join the CCBA Information Technology team. The successful applicant will be reporting into the Governance, Risk and Compliance Manager. This is a senior specialist level position in the IT Risk and Compliance Team, and plays an important role in ensuring the safety of CCBA’s information technology hardware, software, and data by using audits and security assessments to pro-actively identify and address risks in the environment. The applicant may reside in any of the CCBA footprint of countries: South Africa, Ethiopia, Kenya, Uganda, Tanzania, Ghana, Mozambique, Botswana, Namibia & Zambia.
Coca-Cola Beverages Africa is the largest African Coca-Cola bottler, accounting for 40 percent of all Coca-Cola volumes on the continent. CCBA is a NARTD market leader in Africa. CCBA has an extensive footprint in Africa, employing over 16 000 employees. CCBA vision is to Refresh Africa every day and make the continent a better place for all, growing successfully as business and creating a better shared future for our people, customers, consumers, communities, planet and shareholders.
The IT Security Assurance Specialist, provides assurance for confidentiality, integrity, and availability of CCBA’s information and information systems. This employee leads the planning and scheduling of a variety of internal and external security assessments so that the organisation can proactively ensure that any potential risks are identified and addressed. The regular, professional, and efficient co-ordination and management of these security assessments assures business leaders and users that their online environment and data is adequately protected. The IT Security Assurance Specialist establishes relationships between second and third lines of defense that is management and independent assessors. This employee also ensures that all IT continuity and disaster recovery plans, processes and approaches adhere to internal security standards.
Key Duties & Responsibilities
Consulting with senior IT leaders and IT security colleagues to determine the requirements for internal security assessments.
Creating an annual plan and schedule of planned internal security assessments.
Scheduling the internal security assessments for new and existing key IT systems, processes and technologies including applications, databases, data centres and infrastructure.
Developing and performing IT risk assessments on new and existing key IT systems, processes or technologies including applications, databases, data centres and infrastructure.
Collaborating with other members of the Governance team to identify providers of independent security assessments and to contract them to deliver the services.
Facilitating the scheduled annual audit process, including ensuring that assessments are completed in a timely manner.
Facilitating the IT management response process and action plans related to internal and or external audit findings and self-reported risks.
Ensuring that remedial actions from security assessments and audit assessments are acted upon in a timely manner.
Providing management with timely and accurate report about status and progress of the risk audit process and the remediation thereof.
Acting as the IT liaison with enterprise risk and compliance management functions with regards to business continuity management.
Defining and developing the CCBA IT disaster recovery plans and ensuring that these plans remain up to date.
Ensuring that business impact analysis is periodically performed for every running application in the environment and mapped to required continuity controls.
Sharing information on disaster recovery with all relevant stakeholders and ensuring that they are trained and prepared for any disaster.
Continuously researching and reading relevant material to understand changes in the broader cyber environment which may result in risk.
Contributing to the preparation, review, and implementation and updating of risk and compliance policies, controls, and guidelines.
Providing oversight and support on on-going red-team exercises carried out by the Security Operations colleagues for identification of the evolving threat-and-risk landscape.
Lead implementation of cyber risks technologies such as honeypots, to closely understand the threats targeting CCBA.
Planning milestones for deliverables and deployment and creating a plan that visualise the timeline.
Meeting regularly with senior level business stakeholders to identify, agree and understand dynamic changes to their business unit and functional strategies.
Meeting regularly with risk management and business continuity colleagues in the rest of the business to discuss and agree organisational integrated risk management and to ensure comprehensive and effective business continuity plans are in place.
Preparing and delivering updates and reports as required by executive management and the business.
Supporting team members and collaborating by clearly communicating expectations, progress, constraints, and resolutions.
Supporting internal improvement initiatives within the IT department to ensure continuous business improvement.
Skills, Experience & Education
Bachelors Degree in Computer Science, Information Systems or related
Post Graduate qualification in Computer Auditing advantageous
Certifications (at least one of the following):
CRISC (Certified in Risk and Information Systems Control)
CISA (Certified Information Systems Auditor)
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
Certified in Governance, Risk and Compliance (CGRC)
Certified in the Governance of Enterprise IT (CGEIT)
BCS IT Governance & InfoSec Basis Practitioner
ITIL V4 Managing Professional
Relevant vendor/equipment specific certification
10 to 12 years general work experience with at least 5 years relevant experience in governance, risk, and compliance.
The advert has minimum requirements listed.
Management reserves the right to use additional or relevant information as criteria for short-listing.