South Africa

Head of Infrastructure and Security

Company Herotel
Reference # HIS_001
Published 30/03/2021
Contract Type Permanent
Salary Market Related
Location Stellenbosch, Western Cape, South Africa
Applications are invited for the above-mentioned position. The position will be based in Western Cape, Stellenbosch. The individual will report to the Head of Systems.

The Head of Infrastructure and Security is responsible for the support and maintenance of all our physical and cloud-based server infrastructure across the organisation, as well as all our systems, applications, and information security, including access control and data retention.
Job Functions Information Technology
Industries Banking / Finance & Investment,Ecommerce,Financial Services,ICT - Information & Communications Technology,Infrastructure,IT - Information Technology,Telecommunications
Key Responsibility Areas:

• Leads the technical expertise and direction of the infrastructure & national systems team.
• Leads the IT Risk assessment, penetration test, vulnerability scans, and social engineering.
• Responsible for all data security, system backups, and disaster recovery procedures.
• Responsible for conducting regular vulnerability scans and disaster recovery simulations; and communicating the critical results to management.
• Educates management & staff on security risk through continuous reporting and presentations.
• Monitors Information Security industry trends and educates the organization of critical information.
• Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
• Leads the project initiatives to research, validate, and manage Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
• Defines the Information Security plan to resolve gaps identified from audits, risk assessments, or vulnerability scans.
• Leads cybersecurity investigations providing summaries and recommendations to resolve the matter. Works closely with IT and project teams to ensure that new projects meet or exceed information security
• Achieves Information Security and operational objectives by developing and executing strategic plans which reduce risk to information assets.
• Protects information assets by developing security strategies, directing system access control, monitoring, and response.
• Implements regulatory requirements, industry standards, and best practices such as POPIA (Protection of Personal Information Act), GDPR (General Data Protection Regulation), etc at a systems level, ensuring the Information Security Program is held to the highest standard.
• Work in collaboration across streams and in line with the macro compliance, risk and audit policies, functional heads & relevant Board subcommittees.
• Leads Information Security, Server infrastructure & National systems projects to align with organizational strategic objectives, goals, and risk tolerance.
The successful candidate must have the following experience/skills:

• At least 4 years of information security experience.
• At least 4 years of server administration experience.
• At least 4 years of experience with managing cloud infrastructure, including AWS & Azure
• Experience with standards and best practices such as ISO27001, SIEM, POPIA, GDPR & SOC 2 compliance.
• Required demonstrated knowledge of information technology security trends and leading best practices.
• Minimum of 2 years experience directly leading infrastructure or security-focused staff in a team environment.
• Experience and expertise in managing and administering infrastructure and data systems.
• Minimum of 3 years experience in at least five of the following: access control systems and methodology; business continuity and disaster recovery planning; risk, response, and recovery; network security architecture; security management practices; audit and monitoring; enterprise and IT risk assessments; incident response management.
• Demonstrable experience in managing complex disaster recovery plans & procedures.
• Demonstrable experience in drafting and introducing data protection and disaster recovery policies.
• Requires working knowledge of ISP’s and their operations and procedures.
• Excellent time management skills and the ability to prioritize multiple initiatives and projects.
• Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
• Ability to operate at all levels of the organization.
• Excellent interpersonal skills including oral and written communications.
• Ability to manage change within the organization.
• Ability to maintain a high level of confidentiality.
• Technically proficient in IT and Information Security controls and concepts.
• Demonstrate flexibility and the ability to work in a team environment.
• Strong organizational and planning skills, resourcefulness, and creative problem-solving skills.


• Degree in Computer Science, Information Technology or related field.
Job Closing Date 10/04/2021
Share on
Last Updated: 4-3-2021 []
Webserver: SkillsMap (NLBC)