(936) Chief Information Security Officer - BSTD
Pretoria, South Africa
South African Reserve Bank
Brief description
The main purpose of this position is to develop and oversee the execution of the South African Reserve Bank’s (SARB) cybersecurity information strategy. The Chief Information Security Officer is also accountable for cyber governance, risk, assurance and compliance within the SARB Group and provides leadership to the Cyber and Information Security Unit (CISU).
Detailed description
The successful candidate will be responsible for the following key performance areas:
- Develop, review, update and oversee the execution of the SARB’s cybersecurity information strategy.
- Establish, lead (i.e. develop functional plans aligned to the SARB and departmental strategy) and oversee the day-to-day operations of the CISU.
- Define cybersecurity policies, standards and procedures and ensure the SARB complies with these.
- Oversee and monitor the capability to proactively anticipate and detect threats to the SARB Group’s information and supporting systems.
- Oversee the proactive identification of security vulnerabilities in the SARB Group’s information systems, security architecture and security governance.
- Ensure the containment and mitigation of threats and vulnerabilities through the implementation of the SARB Group cyber and information security governance processes, architecture, procedures, policies, standards and awareness initiatives.
- Ensure an effective and efficient security response by overseeing the implementation of appropriate cyber and information security capabilities, including but not limited to endpoint security; network security; security information and event management; and security orchestration, automation and response, and by coordinating Cyber Security Incident Response Team (CSIRT) investigations and providing recommendations for improvement.
- Develop, implement and monitor staff training and awareness campaigns.
- Advocate for the application of sound cyber and information security practices at an institutional and individual level.
- Establish and maintain strategic stakeholder relationships with relevant board committees and individuals in the SARB and with its subsidiaries.
- Facilitate cooperation across the financial industry to prevent and mitigate cyber threats and, if necessary, chair/support an industry CSIRT to restore services to the industry.
- Facilitate cooperation, strategy and standards across Southern African Democratic Community central banks to prevent and mitigate cyber threats in the region.
- Facilitate (through chairing, where necessary) cooperation with international financial institutions (i.e. other central banks, the Bank for International Settlements and the International Monetary Fund) and participate in the Operational Security Situational Awareness Technology Group.
- Participate in the Brazil, Russia, India, China and South Africa (BRICS) cyber working group, leading the group approximately every five years.
- Ensure that the SARB is continuously compliant with legislative and regulatory requirements relating to cyber, privacy and information security, and update and implement identified standards and best practices (either in own team or through other internal teams).
- Ensure that cyber and information security risks across the SARB are identified and assessed and that mitigating actions are implemented and monitored.
- Define, implement and monitor a data protection strategy.
- Provide thought leadership on all aspects of cyber and information security to all stakeholders, including the SARB Board of Directors, the Governors’ Executive Committee and various subcommittees.
- Manage the performance and development of direct reports and employee coaching and mentoring, and promote and support career management and development within the CISU.
Job requirements
To be considered for this position, candidates must be in possession of:
- an Honours degree in Business Management, Information Technology (IT) or an equivalent qualification;
- advanced certification covering cyber/information governance and cyber/information security, including but not limited to Cyber Information Security Manager, Certified in Governance for Enterprise IT, Certified Information Systems Security Professional, Information Systems Security Architecture Professional/Engineering Professional/Management Professional, and/or an equivalent certification; and
- a minimum of 10 to 12 years’ experience in a cyber and information security-related field, with a minimum of 5 years’ experience in managing teams.
The following would be an added advantage:
- privacy certification; and
- a Master’s degree or an equivalent qualification in a related field.
Additional requirements include:
- enterprise information security architecture disciplines, processes, concepts and best practices knowledge and experience;
- counter-intelligence and cybersecurity-related investigations and procedures knowledge;
- knowledge of technological trends, threats and developments in the area of cyber, privacy and information security and risk management;
- technical security infrastructure, processes and procedures knowledge;
- IT quality assurance knowledge and skill;
- IT solution build, acquisition and implementation, including methodologies and toolsets, knowledge and skill;
- the ability to lead change;
- the ability to create and drive purpose;
- a drive for results;
- the ability to develop and grow others;
- effective communication skills;
- the ability to build and maintain relationships;
- impact and influence;
- the ability to foster collaboration;
- analytical and problem-solving skills;
- judgement and decision-making skills;
- strategic thinking skills;
- conceptual thinking skills;
- the ability to manage complexity and ambiguity;
- innovation and creativity; and
- the ability to foster diversity and inclusion.
In line with the SARB’s commitment to diversifying its workforce, preference will be given to suitable candidates from designated groups. People with disabilities are welcome to apply.
The SARB offers remuneration and benefits commensurate with the level of the position and in line with the market. The level at which the successful applicant will be appointed will depend on his/her competence and experience.
About SARB
Primary mandate of the SARB
Section 224 of the Constitution of South Africa states the mandate of the SARB as follows:
The primary object of the South African Reserve Bank is to protect the value of the currency in the interest of balanced and sustainable economic growth in the Republic.
The South African Reserve Bank, in support of its primary objective, must perform its functions independently and without fear, favour or prejudice.
WHAT WE DO
Monetary Policy
The Constitution gives the SARB the mandate to protect the value of the rand. We use interest rates to keep inflation low and steady.
Financial Stability
The SARB has a mandate to protect and enhance financial stability. We identify and mitigate systemic risks that might disrupt the financial system.
Prudential Regulation
The Prudential Authority regulates financial institutions and market infrastructures to promote and enhance their safety and soundness, and support financial stability.
Financial Markets
Open market operations are the main tool we use to implement monetary policy. We manage South Africa’s gold and foreign exchange reserves.
Financial Surveillance
The SARB is responsible for regulating cross-border transactions, preventing the abuse of the financial system and supporting the regulation of financial institutions.
Payments and Settlements
The SARB is responsible for ensuring the safety and soundness of the national payment system, which is the backbone of South Africa’s modern financial system.
Statistics
The SARB provides important economic and financial statistics that present an overview of the economic situation in South Africa.
Research
Research conducted by the SARB focuses on economics, financial stability, banking and emerging trends in finance. Our research supports policy decision-making.
Banknotes and Coin
The SARB has the sole right to make, issue and destroy banknotes and coin in South Africa.
Tags: Automation Banking CISO Compliance CSIRT Endpoint security Governance Incident response Network security Privacy Risk management SOAR Strategy Surveillance Vulnerabilities
Perks/benefits: Career development