Business Information Security Officer

Job Classification

Business Information Security Officer (D1)

Career Stream

IT Risk

FAIS Affected

Job Purpose

To promote information security and cyber resilience, and ensure effective and consistent application of good practice throughout Nedbank. Support the implementation and execution of cyber resilience risk management measures, which includes cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of cyber resilience risk programme elements and regulatory matters. To promote information security and cyber resilience, and ensure effective and consistent application of good practice throughout Nedbank. Support the implementation and execution of cyber resilience risk management measures, which includes cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of cyber resilience risk programme elements and regulatory matters.

Job Responsibilities

Key Responsibilities:

• Ensure compliance to cyber risk policies, frameworks and standards.
• Build and maintain stakeholder relationships through collaboration with stakeholders and regular communication
• Conduct cyber resilience risk assessments, ensuring that they are understood, captured in the risk management processes, appropriate controls are embedded in the day-to-day operations, and remediation of non-compliance is documented and addressed.
• Execute and report on all specific cyber resilience programme elements.
• Assist with identification and maintaining of cyber risk assets register.
• Assist with conducting cyber risk assurance examinations.
• Document and maintain a cyber-risk profile.
• Work with the business to develop processes and procedures to ensure cyber risk policies and standards are integrated.
• Manage and assist with third party and vendor management cyber risk assessments.
• Coordinate and assist with cyber awareness and training.

Job Responsibilities Continue

• Actively involved in cybersecurity assessments and monitor specific cybersecurity concerns.
• Ensure Service Level Agreement or letters of engagement between the NNH Group and 3rd Party Vendors are in place in compliance with cyber risk policies, assist with resolving service delivery issues and report issues for escalation to the relevant governance committee.
• Manage reputational impacts caused by cyber incidents.
• Investigate and report on all cyber resilience risk matters, including cyber related events or incidents.
• Coordinating compliance efforts to cyber related regulatory programmes.
• Coordinating cyber resilience across NNH Group.
• Providing expert advice on all aspects of cyber resilience where required (including providing input to specialised business initiatives regarding cyber aspects).
• Assist and develop enterprise security architecture principles and practices.

 

Key Competencies: 

•  Excellent communication skills. 
• The ability to function and contribute as part of a team.
• The ability to work under pressure.
• Knowledge of the Bank’s digital channels, products and services and those provided in the market.  Planning and organizing skills.
• Strong Analytical and Problem Solving skills.

People Specification

Affirmative Action Candidates are encouraged to apply)

Essential Qualifications - NQF Level

• Matric / Grade 12 / National Senior Certificate
• Advanced Diplomas/National 1st Degrees

Preferred Qualification

• A Degree/Diploma in Information Technology and or equivalent qualification will be an advantage.
• Relevant regulatory knowledge.
• A Driver’s license would be an added advantage.

Essential Certifications

Preferred Certifications

 

• CISSP, CISA, and / or CISM Certification

Minimum Experience Level

• 5 year + relevant experience in Information Security.

Technical / Professional Knowledge

• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles

Behavioural Competencies

• Applied Learning
• Communication
• Collaborating
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills

 

---------------------------------------------------------------------------------------

For any assistance or more info please contact the Nedbank Recruiting Team

+268 2408 1236 Eswatini  00266 5223 1187 / 00266 5223 1157 /  00266 5223 1163 Lesotho +264 61 295 2155 / +264 61 295 2948 Namibia  0242 254 800 / 0867 700 004 040 Zimbabwe