Information Security Manager

• The Information Security Manager is responsible for establishing and enforcing the information security policies and standards and for the coordination of information security efforts across The Group including the mining operations and support services.
• The objective of the role is to safeguard the confidentiality, integrity and availability of critical business information in all its forms and to defend business systems and technology infrastructure in the face of malice, error, or mischance. 
• The IT systems, plant control systems and physical security systems are included in the scope.
• The end state is to protect shareholder value by bringing the organisation’s information security risks under explicit management control through establishing, implementing, maintaining and improving an Information Security Management System. 
• As part of the management system the Information Security Manager will drive and implement the information security strategy by understanding the business context, assessing information security risks and implementing information security controls.
• The Information Security Manager will work under the authority of the Head of Security, as well as closely with peers within the Global Security team, IT functions, engineering functions and business units.
• This role is responsible for ensuring information security controls are internalised and maintained within the IT and business environments. 
• The Information Security Manager assess and report on the information security posture of the business and will continuously improve the Information Security Management System in line with the information security strategy.
• In general, the Information Security Manager is charged with the responsibility for building an information security-conscious culture for the business and remediating information security weaknesses.

Key Performance Areas:

• Develop, implement/enforce, and maintain information security policy, standards, and guidelines.
• Serve as an expert advisor to Security leaders and the business in the development, implementation, and maintenance of an increasingly resilient information security management system.
• Provide input regarding prioritization of information security risks and control investments that impact upon security effectiveness and efficiency.
• Work with Internal Audit and other risk management functions to ensure that the business considers information security risks in both on-going and planned operations.
• Monitor information security trends internal and external to the organisation and keep stakeholders informed about information security-related issues and activities affecting the organisation.
• Understand potential threats, vulnerabilities, and control techniques and communicate this information to the Group Head of Security, Global Security Peer Groups and business leaders/managers.
• Work independently and as part of a networked and integrated security team to conduct information security reviews and audits across the business, identifying critical vulnerabilities and providing pragmatic solutions to fix them.
• Detect and respond to information security threats and assist the organisation to recover from security breaches.
• Investigate and report on information security breaches.
• Develop, implement and manage an information security awareness and training program across the business and produce metrics system to measure progress.
• Monitor and report on information security activities, risks and compliance.

Reporting Relationships:

The Information Security Manager will report directly to the Group Head of Security, with functional direction from the Global Head of Information Security.

REQUIRED COMPETENCIES:

• Advanced understanding of business, IT, plant control and information security technologies.
• Advanced understanding of information security standards, methodologies and frameworks.
• Strong leadership skills to sustain morale, change culture and successfully develop teams.
• High-quality analytical, strategic thinking and information security risk management skills.
• An understanding of the business processing environments that enables and supports the proactive identification of vulnerabilities that could be exploited by those with criminal intent.
•  Sound understanding and skills in terms of business focused security solutions that are pragmatic and innovative.
• A higher than average intellect that supports problem solving, the sustainment of inquisitiveness and a desire to improve.
• The ability to anticipate, investigate, influence, and assist the organisation in its ability to assess and rapidly adjust to changing conditions and trends of importance (both internal or external) in light of the overall direction of the organisation.
• Ability to effectively handle conflict, give and take constructive criticism and also have strong persuasive impact on others.
• Displays a thorough understand