Posted: May 24, 2023   Location: Gauteng Province   Job type: Full-time

JOB PROFILE

JOB TITLE

Head: Information Security

REPORTING TO (name)

Group Chief Information Officer

INCENTIVE SCHEME (Annual or Monthly)

Annual

NO. OF WORKING DAYS PER WEEK

5

MAIN PURPOSE OF THE JOB

Information Security Leadership responsible for:

Developing and executing enterprise-wide information security and risk management strategies across the organization for the Bank, to ensure strategic alignment between security controls and business needs. Leading the strategic development of the Information Security Program to manage cybersecurity risks and support customer requirements relating to data confidentiality, integrity, availability and privacy, in alignment with the organization's values, brand and regulatory standards.

NO. OF SUBORDINATES

5

LOCATION

Midrand Campus

MINIMUM EDUCATION

  • 15+ years' experience in management
  • Bachelor's degree in Information Systems or a related field
  • Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) and Certified Information Security Manager (CISM), or another information security / IT audit certification (e.g. CISA, CGEIT, CRISC), is desirable.
  • Knowledge and competency in assessing, controlling and managing a variety of risks, with experience in risk exposure identification, risk evaluation and risk control. Thorough knowledge of banking industry policies and procedures.

MINIMUM EXPERIENCE

  • 15 years' information technology experience in financial services, with primary responsibilities in a security-related role.
  • Experience in the banking industry is strongly preferred.
  • Must have experience with banking sector regulations.

CRITICAL COMPETENCIES

  • An understanding of financial services industry core banking applications and systems.
  • Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and work collaboratively with regulators.
  • Budgeting Skills
  • Deep technology heritage to garner the respect of top security technologists as well as top leaders within the financial industry. Extensive knowledge of information security standards and best practices (e.g. ISO/IEC 17799/27002, NIST).
  • Interpersonal skills
  • Maintain a professional composure with vendors or internal customers in difficult situations.
  • Management experience to be able to:
      • Influence others and maintain organizational relationships with both business and IT.
      • Maintain organizational respect and trust.
      • Handle multiple tasks concurrently.
  • Must possess the ability to build and develop a high-performing team of security professionals. Substantial exposure to data processing, hardware, platforms, enterprise software applications and computing environments.
  • Presentation and communication skills
  • Project Management
  • Rely on experience and judgment to plan and accomplish initiatives. Serve as a resource to others in the resolution of complex problems. Delegate and review the work of employees.

BEHAVIOURAL ATTRIBUTES

  • Accuracy
  • Adaptability to change
  • Analytical thinking
  • Attention to detail
  • Coping with Pressures and Setbacks
  • Creating & Innovating
  • Deciding & Initiating Action
  • Formulating Strategies and Concepts
  • Independent
  • Integration/Holistic thinking
  • Intuitive Thinking
  • Logical reasoning
  • Problem solving


KEY RESULT AREAS AND KEY PERFORMANCE INPUTS / ACTIVITIES

1.

Treating Customers Fairly and Compliance

  • Create and maintain productive relationships with internal and external clients by providing advice and assistance
  • Create understanding of the ‘real’ versus ‘perceived’ need through experience and expertise while complying with company policies, legislation and regulations
  • Keep the client informed about progress through written communication, telephone communications, and/or face-to-face meetings
  • Build a positive image by exceeding client expectations at all times
  • Treat internal and external customers fairly at all times
2.

Management of Resources

  • Manage and develop subordinate(s): Performance management in terms of contracting, reviews and poor performers, Training and development, Employee relations
  • Manage people efficiencies through leave management, headcount budget, fixed term contracts, staff movements, secondments, staff utilization
  • Take appropriate disciplinary measures as required
  • Facilitate induction of new staff within one month of joining the organization
3.

Strategic

  • Responsible for the strategic leadership of the organization to establish an inclusive and comprehensive information security program, policies, procedures and controls in support of business development, growth and regulatory standards.
  • Lead the information security planning processes and the information security program for the organization, and work with executive leadership to prioritize security initiatives and spending based on an appropriate risk management and/or financial methodology.
  • Establish annual and long-range information security and compliance goals; define security strategies, metrics and reporting mechanisms; create maturity models and a roadmap for continual information security program enhancements that balance the need to protect the organization against the need to run the business.
  • Stay abreast of current industry best practices, information security issues and regulatory changes affecting the financial services industry and communicate potential impact or need for strategic realignment to executive leadership.
  • Provide a leadership philosophy for the Information Security department that builds a strong bridge between IT, Business and Banking Operations, ensuring an information security culture that values the contributions of others and promotes a collaborative working environment. Bring organization leaders together to share information and resources for better information security decisions that remove barriers and realize possibilities.
  • Review and forecast trends and tendencies to provide visionary, forward-looking approaches to the potential information security impact on the organization, given the existing control environment.
4.

Policy Compliance and Audit

  • Ensure the Information Security Program complies with industry standards and other industry-specific regulations.
  • Lead the development and implementation of effective and reasonable information security policies and practices to secure sensitive data and ensure information security compliance with regulatory and legal standards.
  • Work with Internal Audit, regulatory agencies and outside consultants as appropriate for independent security audits, required security assessments and forensic analysis as needed.
  • Maintain excellent relationships with audit entities and provide a consistent perspective in alignment with the organization’s mission and values.
  • Provide guidance, evaluation and subject matter expertise on audit responses.
5.

Monitoring and Incident Response

  • Provide strategic direction for the Information Security Monitoring Program, including the security operations center, vulnerability management and access entitlement reviews, and ensure appropriate oversight of the management of access privileges, both internally and for external customers.
  • Provide strategic direction and oversight of the organization's Incident Response Plan and act as the primary control point during significant information security incidents.
  • Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
6.

Risk Management and Access Management

  • Oversee the development and reporting of Key Risk Indicators and Key Performance Indicators for the Information Security Program, in alignment with the organization's Enterprise Risk Management Program.
  • Provide strategic direction for the organization's Information Security Risk Assessment Program, including regulatory assessments and cybersecurity self-assessments.
  • Oversee the design and development of information security requirements for the acquisition, management and maintenance of third-party service providers, in support of the organization's enterprise-wide vendor management program.
  • Provide strategic direction to the Information Security office to ensure security control recommendations are implemented for all of the organization's new projects, products and services.
  • Provide strategic direction for the Identity & Access Management program and standards for the delivery of enterprise-wide identity and access for employees and vendors to the organization's systems and applications.
7.

Outreach Education and Training

  • Form collaborative partnerships with law enforcement and other authorities to stay abreast of potential threats to the financial services industry.
  • Participate in information security efforts with the public and private sectors to understand possible information security implications for the organization.
  • Responsible for the strategy, design and development of the Customer and Employee Information Security Awareness Program, promoting security awareness and advising on security issues, best practices and vulnerabilities throughout the organization and its customer base.
  • Educate and advise members of executive, business and IT on information security best practices and provide recommendations and guidance on implementation or enhancements of IT controls.
  • Mentor the Information Security team members and implement professional development plans for all members of the team to further develop their skills and increase staff retention.
8.

Collaboration, Finance and Human Capital Responsibilities

  • Member of SABRIC CSIRT Steering Committee
  • Present to the Board Risk, Board Audit and Executive Committees as necessary
  • Manage, assist and supervise staff on a daily basis.
  • Evaluate staff performance and recommend compensation accordingly
  • Efficient and effective performance management of staff with direct responsibility including hiring, performance management, coaching, annual reviews, salary administration, and staff development
  • Responsible for formulating budgets and financial plans, selection and requisition of major equipment and materials, and monitoring of ongoing expenses
9.

POPI Compliance

  • Encourage compliance with the Protection of Personal Information Act (POPI).
  • Deal with requests made to the organisation in relation to POPI.
  • Perform such other duties as may be prescribed.

Applications to be sent to Sifiso@ndosikamagayesp.co.za and Portiam@ndosikamagayesp.co.za