Business Information Security Officer

Description

• To promote information security and cyber resilience, and ensure effective and consistent application of good practice throughout Nedbank
• Support the implementation and execution of cyber resilience risk management measures, which includes cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of cyber resilience risk programme elements and regulatory matters

Duties

• Ensure compliance to cyber risk policies, frameworks and standards
• Build and maintain stakeholder relationships through collaboration with stakeholders and regular communication
• Conduct cyber resilience risk assessments, ensuring that they are understood, captured in the risk management processes, appropriate controls are embedded in the day-to-day operations, and remediation of non-compliance is documented and addressed
• Execute and report on all specific cyber resilience programme elements
• Assist with identification and maintaining of cyber risk assets register
• Assist with conducting cyber risk assurance examinations
• Document and maintain a cyber-risk profile
• Work with the business to develop processes and procedures to ensure cyber risk policies and standards are integrated
• Manage and assist with third party and vendor management cyber risk assessments
• Coordinate and assist with cyber awareness and training
• Actively involved in cybersecurity assessments and monitor specific cybersecurity concerns
• Ensure Service Level Agreement or letters of engagement between the NNH Group and 3rd Party Vendors are in place in compliance with cyber risk policies, assist with resolving service delivery issues and report issues for escalation to the relevant governance committee
• Manage reputational impacts caused by cyber incidents
• Investigate and report on all cyber resilience risk matters, including cyber related events or incidents
• Coordinating compliance efforts to cyber related regulatory programmes
• Coordinating cyber resilience across NNH Group
• Providing expert advice on all aspects of cyber resilience where required (including providing input to specialised business initiatives regarding cyber aspects)
• Assist and develop enterprise security architecture principles and practices

Requisites

• Essential Qualifications - NQF Level:
• Matric / Grade 12 / National Senior Certificate
• Advanced Diplomas/National 1st Degrees
• Education Requirements:
• Grade 12 (25 points), Degree/Diploma in Information Technology and or equivalent qualification will be an advantage
• CISSP, CISA, and / or CISM Certification
• Minimum Experience Level:
• 5 year + relevant experience in Information Security
• Relevant regulatory knowledge
• A Driver’s license would be an added advantage
• Valid Police Clearance
• Technical / Professional Knowledge:
• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles
• Behavioural Competencies:
• Applied Learning
• Communication
• Collaborating
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills
• Key Competencies:
• Excellent communication skills
• The ability to function and contribute as part of a team
• The ability to work under pressure
• Knowledge of the Bank’s digital channels, products and services and those provided in the market
• Planning and organizing skills
• Strong Analytical and Problem-Solving skills

Notes

• Only shortlisted applicants will be contacted