Information Security Officer

Are you…?

Obsessed with protecting data? Passionate about data privacy and information security? Cool and calm under pressure? Able to work independently? Have an eye for detail? If so… then read on…

Ten is a leading global lifestyle management business with presence in over 22 locations globally and more than 1200 employees. The last few years has seen the company grow significantly and as with any global expansion and growth, the amount of data that is stored and processed by Ten has increased, along with the global regulations associated with protecting this data. To accommodate this growth and ensure that the company continues to protect all data entrusted to it and act within the regulatory boundaries that protect data across the globe, Ten is looking to grow our Information Security team.

Who We Are

At Ten our goal is simple, to become the most trusted service business in the world.

Ten is a leading global lifestyle management business with presence in over 22 offices globally and more than 1200 employees. We use our expertise, technology and buying power to grant our members direct access to the best travel, live entertainment, dining and luxury retail services. We also work closely with suppliers to provide exclusively negotiated benefits and employee loyalty schemes.

We deliver our service through a combination of Ten’s proprietary, unique technology-enabled platform and the expertise of our highly trained lifestyle managers. Ten is growing quickly and has ambitious plans to keep innovating, inspiring and to continue to improve the lives of millions of members.

To find out more about Ten, please watch this short video here.

Key Responsibilities

Reporting to the Global Cyber Security Manager, this role will:

• Pursue Information Security excellence with the continuous development and management of Ten Group’s Information Security standards to ensure compliance for PCI-DSS, SOC2 and other stakeholder and/or regulatory requirements.
• Perform internal security reviews against operational activities in line with international standards and client agreements.
• Collaborate with key stakeholders in multiple IT, Tech and DevOps teams to ensure technical solutions are designed and implemented following security best practice and adhere to all compliancy requirements.
• Perform security assessments on new and current suppliers - plan, organise and review Digital implementations, tools, APIs and platforms.
• Support the completion of stakeholder Information Security schedules for RFPs, MSAs, delivery and project teams
• Contribute to the Information Security Risk Register and collaborate on treatment of risks tailored to the needs of Ten Group.
• Manage and track risk mitigations, remediations and compensating controls.
• Complete Information Security assessments from external parties in a timely manner
• Play an integral part of the Ten Group Incident Management Team
• Assist with creation and review of Info Sec documentation
• Collaborate with relevant parties in Ten Group, providing information security consultancy, strategy and implementation planning for high impact projects.
• Working alongside the Ten Group SOC team (which is 3rd party provided) managing security incidents and responding to these incidents according to Ten Group’s client agreements, regulatory and business requirements.
• Contribute to cyber and information security reports, briefings and whitepapers
• Assist with the coordination of threat and vulnerability management and ensure vulnerability remediation is completed within stipulated timelines
• Manage DLP technologies and ensure that alerts are reviewed responded to in a timely and effective manner.
• Assist with the performing of security incident scenario walkthrough’s, phishing Simulations, ensuring continuous improvement to Ten Group’s security and risk avoidance culture
• Improve and maintain Ten Group’s security posture, ensuring that the organisation is equipped and prepared to respond to emerging risks, data security best practices and resilience to cyber-attacks.

Requirements

Work Environment

• Cape Town based
• Hybrid working rotation (i.e., 25% office based and 75% remote based)
• Supporting a combination of remote and onsite work arrangements across the globe
• Monday to Friday 9am to 6pm SAST
• You will work in an energetic and committed global team where collaboration and teamwork forms the foundation.
• Highly regulated and audited environment where Information Security, Compliance and Data Security is of paramount importance
• A small information security team where security responsibilities are “distributed” to all personnel and enforced through governance structures and continual compliance and risk assessments.

Technical Skills & Qualifications

We are ideally looking for somebody with the following skills/qualifications; however, we are open to hearing from candidates with alternative qualifications or those who are currently in the process of achieving these.

• Hands-On technical infrastructure security experience
• Cloud security knowledge and experience (AWS, Azure)
• Experience in a security role with the emphasis on risk, policy and governance
• Technical understanding with an investigative mindset.
• Ability to identify and educate on technical and operational security improvements
• A working understanding of security frameworks or methodologies, NIST, Cyber Essentials (Plus) and/or ISO27001
• Exposure to Enterprise Security tools AV, Vulnerability, IAM, SSO.
• Efficient, firm but friendly character that will ensure tasks are being instigated, and confident enough to escalate where necessary.
• Continuous improvement with activities that stretch you beyond your job role, an opportunist who finds the positive side of a challenge.
• Critical Thinking with a mindset that considers solutions prior to presenting challenges
• Lead and produce quality work with minimal guidance.
• Collaboratively work with 3rd parties and handle challenging relationships with diplomacy and balance.
• Acting honourably, honestly, justly, responsibly, and legally.
• Global perspective - Regional delivery.
• Comfortable with multi-tasking
• Excellent communication skills

Preferred:

• CompTIA Security+
• Microsoft Certified: Cybersecurity
• ISO 27001 ISMS Foundation
• Information Security Auditing
• CISSP, CISM or equivalent training

Benefits

Our people are at the heart of the business and we have a culture of recognition and reward - both through regular appraisals but also annual Extra Mile Awards where we celebrate those who have gone that extra mile in their role. We also encourage all our staff to incorporate their aspirations and interests into their career at Ten and we are there every step of the way in supporting development.

All our employees also enjoy a range of benefits:

• Offer flexible work arrangements including Hybrid work possibilities
• Annual Leave of 15 days per annum, 20 days per annum from the second year and an additional 3 extra days of annual leave in their third year.
• One (1) month paid Sabbatical after 5 years of Service, without tapping into annual leave
• We also offer a company contribution towards medical aid, transport home for those working a late shift (applies to those who don't have a car).
• ICAS Employee Health and Wellness (EHWP) services which are confidential and free for all employees to use.
• Access to lots of great travel and entertainment discounts as our clients members would!
• There are lots of social events throughout the year as well as a break-out room where employees can relax (or, if they wish, play one of the numerous games we provide!) or stunning roof-top terrace to enjoy the Table Mountain view, whilst enjoying our latest fruit drop or great coffee/tea station.
• Global Team, with diversity at its core.
• Safe and secure offices located in Cape Town Foreshore, with complimentary off-street parking.
• Possibility of growth within a dynamic and international company

Commitment to Diversity

We encourage diverse philosophies, cultures and experiences. We appreciate diversity and are dedicated to creating an inclusive work environment for our employees. This idea unites the teams at TEN. All aspects of our relationship, including the decision to hire, promote, discipline or terminate, will be based on merit, competence, performance and business needs.

"Ten works with a small preferred supplier list of recruitment agencies only. Please note we are not accepting any further recruitment agencies at this time."