Gauteng Province

Head: Information Security

JOB PROFILE

JOB TITLE: Head: Information Security
REPORTING TO (name): Group Chief Information Officer
INCENTIVE SCHEME (Annual or Monthly): Annual
NO. OF WORKING DAYS PER WEEK: 5

MAIN PURPOSE OF THE JOB
Information Security Leadership responsible for:
Developing and executing enterprise-wide information security and risk management strategies across the organization for the Bank to ensure strategic alignment of security controls and business needs.
Leading the strategic development of the Information Security Program to manage cybersecurity risks, and support customer requirements relating to data confidentiality, integrity, availability and privacy in alignment with the organization’s values, brand and regulatory standards.

NO. OF SUBORDINATES: 5
LOCATION: Midrand Campus

MINIMUM EDUCATION
15+ years’ experience in management
Bachelor’s degree in Information System or related
Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) and Certified Information Security Manager (CISM) or other Information Security / IT audit certification (e.g. CISA, CGEIT, CRISC) is desirable.
Knowledge and competency in assessing, controlling and managing a variety of risks, with experience in risk exposure identification, risk evaluation, and risk control.
Thorough knowledge of the Banking industry policies & procedures.

MINIMUM EXPERIENCE
15 years in Financial Services related information technology experience with primary responsibilities in a security related role.
Some experience in the banking industry is strongly preferred.
Must have experience in banking sector regulations.

CRITICAL COMPETENCIES
An understanding of financial services industry core banking applications and systems.
Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and work collaboratively with regulators.
Budgeting Skills
Deep technology heritage to garner the respect of top security technologists as well as the top leaders within the financial industry.
Extensive knowledge of Information Security standards and best practices (i.e., ISO 7799/27002, NIST, etc.).
Interpersonal skills
Maintain a professional composure with vendor or internal customers in difficult situations.
Management experience to be able to: Influence others and maintain organizational relationships with both business and IT. Maintain organizational respect and trust. Handle multiple tasks concurrently.
Must possess the ability to build and develop a high-performing team of security professionals.
Substantial exposure to data processing, hardware, platforms, enterprise software applications, including computing environments.
Presentation and communication skills
Project Management
Rely on experience and judgment to plan and accomplish initiatives.
Serve as a resource to others in the resolution of complex problems.
Delegate and review the work of employees.

BEHAVIOURAL ATTRIBUTES
Accuracy
Adaptability to change
Analytical thinking
Attention to detail
Coping with Pressures and Setbacks
Creating & Innovating
Deciding & Initiating Action
Formulating Strategies and Concepts
Independent
Integration/Holistic thinking
Intuitive Thinking
Logical reasoning
Problem solving

NO. / KEY RESULT AREAS / KEY PERFORMANCE INPUTS / ACTIVITIES
1.
Treating Customers Fairly and Compliance
Create and maintain productive relationships with internal and external clients by providing advice and assistance
Create understanding of the ‘real’ versus ‘perceived’ need through experience and expertise while complying with company policies, legislation and regulations
Keep the client informed about progress through written communication, telephone communications, and/or face-to-face meetings
Build a positive image by exceeding client expectations at all times
Treat internal and external customers fairly at all times

2. Management of Resources
Manage and develop subordinate(s): Performance management in terms of contracting, reviews and poor performers, Training and development, Employee relations
Manage people efficiencies through leave management, headcount budget, fixed term contracts, staff movements, secondments, staff utilization
Take appropriate disciplinary measures as required
Facilitate induction of new staff within one month of joining the organization

3. Strategic
Responsible for the strategic leadership of the organization to establish an inclusive and comprehensive information security program, policies, procedures and controls in support of business development, growth and regulatory standards.
Lead information security planning processes information security program for the organization and work with executive leadership to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Establish annual and long-range information security and compliance goals, define security strategies, metrics and reporting mechanisms.
Create maturity models and a roadmap for continual information security program enhancements that will inspire the balance between the need to protect the organization and the need to run the business.
Stay abreast of current industry best practices, information security issues and regulatory changes affecting the financial services industry and communicate potential impact or need for strategic realignment to executive leadership.
Provide a leadership philosophy for the Information Security department that creates a strong bridge between IT, Business and Banking Operations to ensure an information security culture that values the contributions of others promoting a collaborative working environment, bringing organization leaders together to share information and resources for better information security decisions that remove barriers and realize possibilities.
Reviews and forecasts trends and tendencies to provide visionary and forward-looking approaches of the potential information security impact to the organization given the existing control environment.

4. Policy Compliance and Audit
Ensure Information Security Program is in compliance with industry standards and other industry specific regulations.
Lead the development and implementation of effective and reasonable Information Security policies and practices to secure sensitive data and ensure information security compliance with regulatory and legal standards.
Work with Internal Audit, regulatory agencies and outside consultants as appropriate for independent security audits, required security assessments and forensic analysis as needed.
Maintain excellent relationships with audit entities and provide a consistent perspective in alignment with the organization’s mission and values.
Provide guidance, evaluation and subject matter expertise on audit responses.
5. Monitoring and Incident Response
Provide strategic direction for the Information Security Monitoring Program including the security operations center, vulnerability management and access entitlement reviews including ensuring appropriate oversight of the management of access privileges internally and externally to customers.
Provide strategic direction and oversight of the organization’s Incident Response Plan and act as primary control point during significant information security incidents.
Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.

6. Risk Management and Access Management
Oversee the development and reporting of Key Risk and Key Performance Indicators for the Information Security Program in alignment with the organization’s Enterprise Risk Management Program.
Provide…


Lead Solution Analyst

Special Categories
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and “BANK’s” Policies and Policy Standards.
Understand and manage risks and risk events (incidents) relevant to the role.

Overall job purpose
Work in high complexity environments, fully embedded in a DevOps team, leveraging specialist analysis tools, frameworks, techniques, and practices to elicit, define and organize business requirements, across multiple stakeholder groups.
Translate & document these business requirements into user stories & specifications (Full Stack, Cross System) detailing integration points, business & associated risk / opportunities to be realised.
Following this analysis, work collaboratively within squads to ensure the business requirements are met through DevOps design & delivery activity & lead the application of testing processes & frameworks ensuring all products & services are effectively tested.

Business complexity is determined by:
Customer Impact;
Number of integration points: a. Data; Teams to talk to Systems; Enabling function; 3rd party vs. internal.
Complexity of business rules & Processes;
Level of operational readiness;
Introduction of new or changing old Tech (e.g., redo platforms).
Key accountabilities

Analysis (including Business Case)
Lead the analysis process for complex business areas;
Proactively build relationships, apply analytical techniques to elicit and validate business (product & service) needs ahead of demand;
Implement routines to get to know / become an expert in various business processes (e.g., spend time in business & with users);
Translate elicited needs and knowledge acquired into user story format that is immediately usable for DevOps teams (right language, format for building & testing);
Prepare and prioritise the backlog of requirements for the user stories linked to the proposed solutions;
Proactively scan the internal & external environment to predict change requirements & opportunities for improvement ahead of demand (e.g., market, risk, regulatory, customer, organizational change etc.);
Work collaboratively with Tribe Leads (Technical Product / Service Owners) to build a roadmap & vision for the products and services (including detailed analysis requirements & solution scope);
Define measures of success & key outcomes for various solutions / changes including detailed acceptance criteria for all features;
Define testing requirements (pass or fail test cases);
Support the development of detailed business cases (including defining solution characteristics, effort estimations etc).
Solution Design (within DevOps Context)
Translate business requirements into an integrated system vision & detailed system requirement;
Detailed system requirements must include all capabilities, interfaces and functionalities within and across technologies;
Build detailed user stories to be leveraged for system requirements design (modular);
Leverage business analysis & modelling tools and apply notation standards such as UML/BPMN to diagrammatically/visually document: business requirements, business processes, system processes & integration;
Facilitate processes to ensure integrated requirements are socialized, understood & approved across the broad range of stakeholders to be impacted (this includes various processes e.g., risk / governance forums, change council, scrum meetings / DevOps team capability building, solution design sessions etc.);
Understand & leverage knowledge on the organisation’s technical landscape, environment and broader architecture to define integration points across tech stacks for various requirements;
Work collaboratively with project / program teams, squads, scrum masters and engineers to define backlog, release & DevOps / project planning implications of the requirements development & roadmap (what should happen when);
Work as part of the embedded DevOps team to continuously improve system requirements mapping (e.g., leverage input from questions asked etc. to consistently improve the quality of the requirements analysis for easier interpretation by the development teams);
Work as part of the embedded DevOps team throughout the design process to review solution design (features and functionality);
Facilitate resolution & decision-making during development & testing phases for any change requirements.
Solution Delivery & Testing (manual)
Define the manual testing strategy & test cases for various solutions (where it makes sense to do so);
Define & validate quality & testing parameters (+/-) & plans for the solution (socialize & translate these to automation testing teams);
Develop manual testing frameworks and patterns for the solution;
Lead the manual testing process for various solutions (e.g., execute test cases, analyse results);
Provide real time feedback to the DevOps teams on change requirements identified throughout the testing process;
Review & monitor system stability, resilience etc. throughout the testing process (e.g. integration) & in production;
Define & monitor overall backlog planning for effective solution delivery;
Provide Developer & User support during user acceptance testing.

Process Design & Modelling
Provide input and/or lead the development / improvement of organization wide process design approaches, templates & modelling tools.

People
Provide coaching & mentoring across the DevOps team as well as to developing analysts across the estate;
Build strong analysis capability across the analysis team;
Conduct peer reviews & problem solving within and across the broader team;
Provide technical subject matter expertise and support in the attraction and recruitment of Analysts for the organization;
Participate as a subject matter expert in the development & development planning of the broader analyst team;
Support the people change teams in the design of adoption processes (Customer, Employee & 3rd Party Adoption of new system requirements);
Proactively attract, recruit, develop, retain, reward & deploy & manage a diverse resource base aligned to an ever-evolving tech environment (ahead of demand) where you are the leader.
Education and experience required
10+ years business & systems analysis experience;
10+ Years’ Experience in working with multidisciplinary teams;
Experience in Agile Methodology & working embedded within an Agile team / teams;
Proven track record in coaching, mentoring & managing people;
Degree or Diploma in computer science, commerce or business administration;
Information Systems Analyst certification from Institute for the Certification of Computing Professional expert level;
Banking domain experience, preferred;
Expertise in Systems Design & Integration;
Testing Certification (preferred);
Expertise in Development;
Expertise in Business Continuity Management & Disaster Recovery;
Expertise in Governance, Compliance & Audit;
Expertise in Quality Assurance & Testing;
Expertise in Systems & integration design.

Competencies: (Maximum of 8 competencies)
Examining Information; Documenting Facts; Adopting Practical Approaches; Articulating Information; Interacting with People; Exploring Possibilities; Team Working; Challenging Ideas.

CVs and Qualifications to be sent to Sifiso@ndosikamagayesp.co.za and Portiam@ndosikamagayesp.co.za. The closing date for receipt of…
