Head Information Security

Full time Bank Profile in IS Audit
  • Post Date: September 3, 2024
  • Apply Before: October 3, 2024
  • Salary: Negotiable

Job Detail

  • Career Level Executive
  • Experience 8 Years +
  • Gender N/A
  • Industry Banking
  • Qualifications Degree Bachelor

Job Description

QUALIFICATIONS/EXPERIENCE

  • Degree in Information technology or Business Commerce.
  • Good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment.
  • Management experience working with individuals and teams from diverse cultures.
  • Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions.
  • Experience in an InfoSec or Audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced and multi-system IT environment. Sound knowledge of policies (including but not limited to the Protection of Personal Information Act (POPI), financial market acts, International Financial Reporting Standards (IFRS) and Business Unit specific regulatory requirements/legislation). Knowledge of DAMA Framework for end-to-end Information.

 

KEY RESULT AREAS

  • Adhere to all local regulations as they relate to reporting of security incidents or getting approval for any outsource arrangements / offshoring where applicable.
  • Adopt the Group Information Security measurement and reporting frameworks and processes in Country, report on Information Security breaches, non-compliance and deviations, achievement of Group KPIs and recommend mitigating strategies based on Information Security trends.
  • Adopt the Risk Viability Feasibility (RVF) framework to ensure sufficient protection of clients’ money, data and time (aiming to reduce / mitigate the three risks that security strategies).
  • Analyse critical vulnerabilities, establish country applicability and formulate plans and actions to address security issues in the short and long run as needed.
  • Anticipate local trends, identify probabilities and interpret impact in the country technology, use as input to adapt the country security strategy.
  • Apply knowledge of the domestic banking industry, including knowledge of regulatory requirements of local markets (e.g., SARB, UK, Nigeria), to make visible and influence data protection information security requirements enabling Country Business strategies, and ensuring that personal data is handled in accordance with an individual’s rights and privacy as determined by the Risk Reporting and Rest of Africa implementation of the Risk Data Aggregation and Risk reporting (RDARR) programme.
  • Assess information security risks and trends in attacks and tactics in Country, and develop the overall Information Security strategy in Country, in collaboration with Group Information Security.
  • Collaborate with suppliers and/or contractors to explain and enforce SBG Information security policies to ensure the protection of intellectual property and data in Country.
  • Conduct information security assessments against all critical third parties / material outsource arrangements in country against Group standards and ensure that risks are appropriately managed.
  • Develop fit for purpose risk remediation plans, supported by the country security RVF strategy, based on identified information security risks, vulnerabilities, audit findings, policies and regulatory requirements and follow up on all audit findings and provide guidance, supervision and assistance in the implementation of remedial action to prevent significant reputational, financial or other losses in country.
  • Develop internal Information Security expertise and awareness through regular updates, awareness sessions and coaching of Technology and Operations staff to improve the security posture in Country.
  • Develop situational awareness by attending industry forums (e.g. financial institutions, professional bodies) to build networks, share knowledge, keep abreast of trends, and obtain knowledge that will contribute to the Group's situational awareness, and enable the achievement of Information Security strategies and objectives in Country.
