Officer, Information Security
Johannesburg, South Africa
Standard Bank Group
The Standard Bank group is a leading financial services provider that supports Africa’s growth and development.
Company Description
Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.
Job Description
To implement the Group Cyber Resilience strategy: securing platforms, ecosystems and 3rd party integration; protecting sensitive data, applications and supporting infrastructure from infiltration or misuse; and guiding security capabilities in client segment and solutions. Facilitate security services, ensuring that policies, standards and controls are embedded to prevent reputational, financial or other losses and to maintain compliance with regulatory requirements. Educate employees about their InfoSec responsibilities.
Qualifications
- A degree in Business Commerce, Information Technology, Risk Management.
Experience:
- 5-7 years' experience in an information security or audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced and multi-system IT environment.
- 5-7 years: Good working knowledge of, and experience with, the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures.
- 5-7 years: Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions.
Additional Information
Key Responsibilities:
- Alert the responsible stakeholders where there is non-compliance to Cyber Resilience Policies and Standards, and work with them to identify and recommend practical and feasible remediation plans and technical solutions. Assess information security maturity scores and guide the implementation thereof for continual awareness and prioritisation efforts, and ensure compliance to information security standards is monitored.
- Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate risk remediation controls. Collaborate with threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic information security strategy and remediation plans.
- Communicate and raise awareness regarding policies in the business, technology and risk communities. Conduct information security assessments and provide specialist advice and guidance on critical third parties / material outsource arrangements in client segments and solutions to ensure information security risks are identified and appropriately mitigated.
- Create awareness of security trends and threats to the technology and operations executives and broader stakeholder group on the back of new threat and risk intelligence. Proactively create awareness on recurring risk themes. Develop a cost-conscious risk treatment plan based on identified risks, threats, vulnerabilities, audit findings, policies and regulatory requirements.
- Develop a security assessment schedule and conduct reviews of applications, systems, underlying infrastructure and related processes as per the schedule.
- Develop InfoSec expertise and awareness that is fit for purpose, and consider a range of risk data points, e.g. audit findings, security risk assessments, emerging threats and risks, and incidents. Conduct regular updates, awareness sessions, training and coaching of stakeholders to improve the security posture across the organisation and to share knowledge on emerging security technologies, industry trends, specific strategies and tools.
- Document and track security findings into a formal risk register. Provide the necessary information to support any deviation to Cyber Resilience policies and standards. Drive a positive risk culture, establishing appropriate Cyber risk oversight and governance processes and structures, guiding compliance to all information and cyber security regulations.
- Engage with suppliers and/or contractors to share Cyber Resilience policies and standards, ensuring the protection of intellectual property and data across all platforms, influencing their decision making.
Behavioural Competencies:
- Adopting Practical Approaches
- Articulating Information
- Checking Details
- Directing People
- Examining Information
- Exploring Possibilities
- Interpreting Data
- Making Decisions
- Providing Insights
- Pursuing Goals
- Showing Composure
- Upholding Standards
Technical Competencies:
- Benefits Management
- Information Security
- Internal & External IT Environment
- IT Risk Management
- Knowledge of Banking & Financial Service
- Stakeholder Management (IT)
Tags: Banking Compliance Governance Risk assessment Risk management Security assessment Security strategy Strategy Threat intelligence Vulnerabilities
Perks/benefits: Startup environment