IT Risk Cyber Security & Compliance Manager
Cape Town, South Africa
Astron Energy
Discover Astron Energy, one of South Africa's biggest fuel brands.

Job Purpose
The IT risk, cyber security & compliance manager ensures the security of all IT/OT data and operations through the effective implementation of IT/OT cyber security, IT/OT general controls, governance, resilience strategies, risk mitigation controls and frameworks. They are also responsible for the design, implementation and maintenance of the disaster recovery plans and for ensuring that business continuity provisions are in place across IT services. This role also leads, manages and controls the Governance, Risk and Compliance function, acting as the point of escalation where critical breaches occur across Astron Energy's systems.
- Accountable for the definition of the IT risk, security and compliance framework for Astron Energy, including information risk (cyber security), IT policies, disaster recovery and business continuity.
- Oversee the adherence of Business and IT solutions to security architecture and design standards.
- Ensure a formal set of IT risk, security and compliance processes are in place by which the organisation can remediate risks.
- Lead, develop and manage the IT/OT risk, security and compliance capability
- Create a culture of high performance, value-for-money, optimisation and innovation in the IT risk, security and compliance team and manage performance of the team effectively.
- Support CIO to manage IT governance and resilience strategy through the establishment of effectively defined strategies and control mechanisms for both governance and resilience.
- Ensure compliance of all IT services to the defined risk, security and compliance frameworks.
- Maintain and continuously improve policies, standards and procedures to ensure demonstrable regulatory and legal control for all information and risk for Astron Energy from an IT perspective.
- Schedule risk and compliance audits, review the outcomes of the audit process, direct compliance issues to appropriate resources for investigation and resolution.
- Develop, implement and maintain a risk register, contribute results to corporate dashboard.
- Ensure that all systems have business continuity plans in place, ensuring that processes and procedures are available in a disaster situation.
- Manage the overall disaster recovery and business continuity planning process as well as report results to the business and CIO.
- Work with the development, service introduction and testing teams to produce the disaster recovery and business continuity planning operational acceptance criteria.
- Complete operational risk assessments and escalate key issues (where necessary).
- Ensure all critical IT services are maintained and available to business nationwide and effective failovers are in place.
- Management reporting of company IT risks for report-out at the Board Audit & Risk Committee.
- Acts as the company's Data Privacy Officer.
Professional Qualification and Certifications:
- Bachelor’s degree in computer science, Information Systems or other related field, or equivalent work experience.
- Certification in risk, information systems and security (CISM, CRISC, CIPM) or similar (desirable).
- Certified Information Systems Security Professional (CISSP) or Sherwood Applied Business Security Architecture (SABSA) or similar (mandatory).
- ITIL Foundation
Work Experience:
- 10+ years of experience in IT risk management, cybersecurity, security architecture and compliance
- 5+ years of leadership experience managing IT and OT/ICS security, risk, and compliance teams
- Extensive experience in regulatory compliance (POPIA, GDPR, NIST, ISO 27001, COBIT, ITIL)
- Proven experience in disaster recovery (DR) and business continuity planning (BCP)
- Hands-on experience with security tools and operations, such as SIEM, SOC operations, vulnerability scanning, and incident response
- Proven experience in securing SCADA, DCS, and PLC environments in industries like oil & gas, energy, or logistics
- Experience with regulatory compliance for industrial cybersecurity (e.g., NIST 800-82, IEC 62443)
Knowledge and skills:
Technical Knowledge
- Deep understanding of cybersecurity frameworks (ISO 27001, NIST Cybersecurity Framework, CIS Controls, COBIT)
- Strong knowledge of IT governance, risk management, and compliance (GRC)
- Expertise in regulatory compliance (POPIA, GDPR, PCI-DSS, SOX, etc.)
- Proficiency in security technologies, such as firewalls, endpoint protection, SIEM, IAM, and data loss prevention (DLP)
- Cloud security expertise (AWS, Azure, Google Cloud security best practices)
- Disaster recovery (DR) and business continuity planning (BCP) best practices
- NIST SP 800-82 – Guide to Industrial Control System (ICS) Security
- ISA/IEC 62443 – Industrial Automation and Control System Security
- Data privacy and protection knowledge, including encryption, anonymization, and privacy impact assessments
- Strong knowledge of core IT infrastructure, applications, business processes and technology supplier community
Soft Skills
- Leadership and stakeholder management – Ability to engage C-suite executives, board members, and cross-functional teams
- Strategic thinking – Balancing risk mitigation with business objectives
- Incident response and crisis management – Handling breaches and business continuity events effectively
- Excellent communication skills – Ability to translate complex technical risks into business-friendly language
- Problem-solving and decision-making – Navigating risk challenges with innovative solutions
Application deadline:
07 April 2025
Perks/benefits: Team events