Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.
Job Description
To implement the Group Cyber Resilience strategy: securing platforms, ecosystems and 3rd party integration, protecting sensitive data, applications and supporting infrastructure from infiltration or misuse, and guiding security capabilities in client segment and solutions. Facilitate security services, ensuring that policies, standards and controls are embedded to prevent reputational, financial or other losses and to ensure compliance with regulatory requirements. Educate employees about their InfoSec responsibilities.
Qualifications
A degree in Business Commerce, Information Technology, Risk Management.
Experience:
5-7 years: Experience in an information security or Audit role within the banking and/or financial services sector. Experience working in a multi-vendor, outsourced and multi-system IT environment.
5-7 years: Good working knowledge and experience with the implementation and management of information security policies and frameworks within a corporate environment. Management experience working with individuals and teams from diverse cultures.
5-7 years: Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions.
Additional Information
Key Responsibilities:
Alert the responsible stakeholders where there is non-compliance to Cyber Resilience Policies and Standards, and work with them to identify and recommend practical and feasible remediation plans and technical solutions.
Assess information security maturity scores and guide the implementation thereof for continual awareness and prioritisation efforts and ensure compliance to information security standards is monitored.
Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate risk remediation controls.
Collaborate with threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic information security strategy and remediation plans.
Communicate and raise awareness regarding policies in the business, technology and risk communities.
Conduct information security assessments and provide specialist advice and guidance on critical third parties / material outsource arrangements in client segments and solutions to ensure information security risks are identified and appropriately mitigated.
Create awareness of security trends and threats to the technology and operations executives and broader stakeholder group on the back of new threat and risk intelligence. Proactively create awareness on recurring risk themes.
Develop a cost-conscious risk treatment plan based on identified risks, threats, vulnerabilities, audit findings, policies and regulatory requirements.
Develop a security assessment schedule and conduct reviews of applications, systems, underlying infrastructure and related processes as per the schedule.
Develop InfoSec expertise and awareness that is fit for purpose, and consider a range of risk data points e.g. audit findings, security risk assessments, emerging threats and risks, and incidents. Conduct regular updates, awareness sessions, training and coaching of stakeholders to improve the security posture across the organisation and to share knowledge on emerging security technologies, industry trends, specific strategies and tools.
Document and track security findings into a formal risk register. Provide the necessary information to support any deviation to Cyber Resilience policies and standards.
Drive a positive risk culture establishing appropriate Cyber risk oversight and governance processes and structures, guiding compliance to all information and cyber security regulations.
Engage with suppliers and/or contractors to share Cyber Resilience policies and standards, ensuring the protection of intellectual property and data across all platforms, influencing their decision making.
Behavioural Competencies:
Adopting Practical Approaches
Articulating Information
Checking Details
Directing People
Examining Information
Exploring Possibilities
Interpreting Data
Making Decisions
Providing Insights
Pursuing Goals
Showing Composure
Upholding Standards
Technical Competencies:
Benefits Management
Information Security
Internal & External IT Environment
IT Risk Management
Knowledge of Banking & Financial Service
Stakeholder Management (IT)