Head: Information Security
JOB PROFILE

JOB TITLE: Head: Information Security
REPORTING TO (name): Group Chief Information Officer
INCENTIVE SCHEME (Annual or Monthly): Annual
NO. OF WORKING DAYS PER WEEK: 5
NO. OF SUBORDINATES: 5
LOCATION: Midrand Campus

MAIN PURPOSE OF THE JOB
Information Security Leadership responsible for:
Development and execution of enterprise-wide information security and risk management strategies across the organization for the Bank to ensure strategic alignment of security controls and business needs.
Leading the strategic development of the Information Security Program to manage cybersecurity risks, and support customer requirements relating to data confidentiality, integrity, availability and privacy in alignment with the organization’s values, brand and regulatory standards.

MINIMUM EDUCATION
15+ years’ experience in management
Bachelor’s degree in Information System or related
Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) and Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g. CISA, CGEIT, CRISC) is desirable.
Knowledge and competency in assessing, controlling and managing a variety of risks, with experience in risk exposure identification, risk evaluation, and risk control.
Thorough knowledge of the Banking industry policies & procedures.

MINIMUM EXPERIENCE
15 years in Financial Services related information technology experience with primary responsibilities in a security related role.
Some experience in the banking industry is strongly preferred.
Must have experience in banking sector regulations.

CRITICAL COMPETENCIES
An understanding of financial services industry core banking applications and systems.
Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and work collaboratively with regulators.
Budgeting Skills
Deep technology heritage to garner the respect of top security technologists as well as the top leaders within the financial industry.
Extensive knowledge of Information Security standards and best practices (i.e., ISO 7799/27002, NIST, etc.).
Interpersonal skills
Maintain a professional composure with vendor or internal customers in difficult situations.
Management experience to be able to: Influence others and maintain organizational relationships with both business and IT. Maintain organizational respect and trust. Handle multiple tasks concurrently.
Must possess the ability to build and develop a high-performing team of security professionals.
Substantial exposure to data processing, hardware, platforms, enterprise software applications, including computing environments.
Presentation and communication skills
Project Management
Rely on experience and judgment to plan and accomplish initiatives.
Serve as a resource to others in the resolution of complex problems.
Delegate and review the work of employees.

BEHAVIOURAL ATTRIBUTES
Accuracy
Adaptability to change
Analytical thinking
Attention to detail
Coping with Pressures and Setbacks
Creating & Innovating
Deciding & Initiating Action
Formulating Strategies and Concepts
Independent
Integration/Holistic thinking
Intuitive Thinking
Logical reasoning
Problem solving

KEY RESULT AREAS AND KEY PERFORMANCE INPUTS / ACTIVITIES

1. Treating Customers Fairly and Compliance
Create and maintain productive relationships with internal and external clients by providing advice and assistance
Create understanding of the ‘real’ versus ‘perceived’ need through experience and expertise while complying with company policies, legislation and regulations
Keep the client informed about progress through written communication, telephone communications, and/or face-to-face meetings
Build a positive image by exceeding client expectations at all times
Treat internal and external customers fairly at all times

2. Management of Resources
Manage and develop subordinate(s): Performance management in terms of contracting, reviews and poor performers, Training and development, Employee relations
Manage people efficiencies through leave management, headcount budget, fixed term contracts, staff movements, secondments, staff utilization
Take appropriate disciplinary measures as required
Facilitate induction of new staff within one month of joining the organization

3. Strategic
Responsible for the strategic leadership of the organization to establish an inclusive and comprehensive information security program, policies, procedures and controls in support of business development, growth and regulatory standards.
Lead information security planning processes information security program for the organization and work with executive leadership to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Establish annual and long-range information security and compliance goals, define security strategies, metrics and reporting mechanisms.
Create maturity models and a roadmap for continual information security program enhancements that will inspire the balance between the need to protect the organization and the need to run the business.
Stay abreast of current industry best practices, information security issues and regulatory changes affecting the financial services industry and communicate potential impact or need for strategic realignment to executive leadership.
Provide a leadership philosophy for the Information Security department that creates a strong bridge between IT, Business and Banking Operations to ensure an information security culture that values the contributions of others promoting a collaborative working environment, bringing organization leaders together to share information and resources for better information security decisions that remove barriers and realize possibilities.
Reviews and forecasts trends and tendencies to provide visionary and forward-looking approaches of the potential information security impact to the organization given the existing control environment.

4. Policy Compliance and Audit
Ensure Information Security Program is in compliance with industry standards and other industry specific regulations.
Lead the development and implementation of effective and reasonable Information Security policies and practices to secure sensitive data and ensure information security compliance with regulatory and legal standards.
Work with Internal Audit, regulatory agencies and outside consultants as appropriate for independent security audits, required security assessments and forensic analysis as needed.
Maintain excellent relationships with audit entities and provide a consistent perspective in alignment with the organization’s mission and values.
Provide guidance, evaluation and subject matter expertise on audit responses.

5. Monitoring and Incident Response
Provide strategic direction for the Information Security Monitoring Program including the security operations center, vulnerability management and access entitlement reviews including ensuring appropriate oversight of the management of access privileges internally and externally to customers.
Provide strategic direction and oversight of the organization's Incident Response Plan and act as primary control point during significant information security incidents.
Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.

6. Risk Management and Access Management
Oversee the development and reporting of Key Risk and Key Performance Indicators for the Information Security Program in alignment with the organization's Enterprise Risk Management Program.
Provide…