• Leading the information security team, responsible for establishing and maintaining the Organisation’s information risk management program.
• Develop and articulate a shared vision for a “best in class” information security program that ensures information assets are adequately protected, partnering with the Organisation’s IT function.
• Responsibilities include identifying, evaluating, protecting against and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of Organisation.
• This position serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with Organisation information security policies.
• Chair the Organisation Technology Risk Committee, which brings together key security and risk stakeholders to develop and review the Organisation’s enterprise security and risk strategies.
• Develop, publish and maintain comprehensive information security standards, policies, procedures and guidelines.
• Provide assurance that cryptographic processes and devices are managed in line with approved industry standards and Organisation policies.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Organisation.
• Develop a cybersecurity framework and rollout plan to secure the Organisation from internal and external threats.
• Ensure the effective and efficient management and control of functions and resources in accordance with the stipulations of the Public Financial Management Act, fraud prevention and risk management principles, legislation, company policies, processes and regulations.
• Manage performance of direct reports, ensuring agreement of annual goals, measuring performance against agreed goals and dealing with non-performance accordingly.
• Talent management of direct reports, including career development and career paths for all staff.
• Bachelor’s degree in Computer Science, Information Systems, Computer Engineering, Systems Analysis or a related discipline (NQF Level 7).
• Information security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are advantageous.
• Minimum of 7 years’ experience leading an information security office and applying information security, risk management and privacy practices.
• Minimum of 7 years’ practical experience designing and implementing enterprise information technology security.
• Minimum of 7 years’ practical experience working with information privacy and security laws (such as PCI-DSS and data breach reporting laws), generally accepted information security principles, and accepted industry practice.
• Exposure to Cybersecurity Technologies and best practices.
• Good understanding of cryptographic processes and device management for banks.
• Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Experience working with the Security Regulation.
• Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Very strong business analysis, problem-solving and follow-up skills.
• Knowledge of national and international regulatory compliance frameworks such as SOX, BASEL (xx) and PCI DSS.