Function Specialist: Info & Cyber Mngt Jobs

Position Purpose

To ensure that Transnet Freight Rail’s (TFR) business environment remains safe, secure, reliable, and resilient through the implementation of information and cyber security capabilities. This includes aligning cyber security to business objectives, ensuring confidentiality, integrity, availability, and auditability of information systems, complying with legislation and standards, and guiding the business in the selection and implementation of security solutions.

Key Outputs / Responsibilities

• Strategy
  • Lead the design, development, and implementation of the Information and Cyber Security Strategy for TFR operational and business systems in alignment with Group ICT standards.
  • Establish and implement Cyber Security Operations Centre (CSOC) capabilities for proactive monitoring and threat response.
  • Ensure all IT strategic initiatives meet security requirements and are aligned to security frameworks and policies.
  • Align enterprise Information Security Architecture with the IT Strategic Roadmap.
  • Communicate security strategies and plans to executives, staff, partners, and stakeholders.
• Information and Cyber Security Management
  • Develop and implement comprehensive security frameworks based on COBIT, NIST, ISO, SABSA/TOGAF.
  • Oversee and direct execution of the information security programme.
  • Lead, manage, and mentor the IT security team.
  • Ensure compliance of administrative and system use procedures with TFR security policies.
  • Ensure outsourced services adhere to established information security policies.
  • Manage administration of all security technologies including firewalls, IDS, cryptography, antivirus, and facility security systems.
  • Maintain vigilance over critical information assets.
  • Establish mechanisms to prevent, identify, and resolve security breaches.
  • Ensure effective access management and security operations processes.
  • Define and communicate policies, standards, and corporate security plans for new technologies.
• Policies and Procedures
  • Implement and maintain IT security policies, frameworks, and procedures.
  • Ensure consistent policy application across business units.
  • Provide security performance and risk reports to CIO and relevant stakeholders.
• Reporting
  • Report on information security status, cyber incidents, and mitigation measures.
  • Promote a culture of performance, innovation, and value-for-money within the cyber security function.
• People Management
  • Lead, plan, and monitor team activities to achieve functional goals.
  • Drive performance management, talent management, and succession planning.
  • Coach staff and promote a learning culture.
  • Provide technical support to stakeholders.
• Stakeholder Management
  • Build and maintain relationships with internal and external stakeholders, including government and regulatory bodies.
  • Implement corrective actions where necessary.
• Governance, Compliance, and Risk
  • Ensure adherence to statutory regulations, policies, and organisational standards.
  • Identify legal and regulatory developments related to cyber security and assess business impact.
  • Maintain policies aligned to business objectives.
  • Lead continuous risk identification, assessment, and mitigation across projects and processes.
  • Communicate new regulations and policies to ensure awareness.
• Financial Management
  • Develop and manage the OPEX budget.
  • Track and monitor security expenditure.
  • Provide input into ICT CAPEX planning.
• Information and Cyber Security Programme Management
  • Implement the Information and Cyber Security Programme in line with strategy.
  • Maintain governance plans and promote cyber awareness across the organisation.
  • Define and manage annual security budgets.
  • Establish response and recovery capabilities for disruptive events.
  • Oversee design, testing, and improvement of incident response processes.
  • Stay informed on global security trends and advise management.
• Response Management
  • Develop and coordinate cyber incident response plans.
  • Ensure teams are trained, equipped, and tested for response and recovery.
  • Implement processes for detecting, identifying, and analysing security events.

Qualifications and Experience

Minimum Requirements:

• Bachelor’s Degree in Information Technology, Computer Science, or equivalent.
• Postgraduate qualification is an added advantage.

Required Certifications (at least one):

• CISSP
• CISM
• Equivalent certification from a recognised professional body

Experience:

• 8–10 years in Information and Cyber Security in both IT and business environments.
• Experience in designing and deploying cyber security programmes and managing security tool lifecycles.
• Minimum 3 years in a leadership role overseeing large, cross-functional teams or projects.
• Must meet trust and honesty standards in line with the National Credit Act Amendment 19.
• Must undergo a lifestyle audit.

General Requirements:

• Valid Code 08 Driver’s Licence.
• Willingness to travel.

Competencies

Core Competencies:

• Strategy and sustainability
• Business performance and delivery
• Relationship management
• Corporate governance and compliance
• Personal mastery

Knowledge:

• Understanding of transport industry (advantage)
• Knowledge of technology trends and public-sector dynamics
• Strong capability in strategic and tactical cyber security planning
• In-depth knowledge of IT Strategy, enterprise security, data protection laws, and security frameworks
• Understanding of organisational and technical security processes