Business IS & Data Officer at Nedbank

Job Purpose

To support the business cluster in the implementation and execution of the cyber resilience risk management framework that includes implementation of cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of all cluster-specific cyber security programme elements and regulatory matters as it relates to cyber security.

Job Responsibilities

• Become the information security expert for the cluster by providing expert advice on information security matters.

• Build and maintain professional relationships by information sharing and professional networking within the bank.

• Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communiction via various media.

• Drive compliance to security policies and standards on cluster infrastructure.

• Primary interface between the cluster and the CISO office.

• Represent business an an Information Security representative on the ISSC; ensure alignment and implementation of CRRMF in clusters.

• Assist the cluster in the completion of cyber secuity risk assessments ensuring that they are understood, captured in the risk management processes that appropriate controls are embedded in the day-to-day operation, and remediation of non-compliance is documented and addressed.

• Report of all cluster specific information security programme elements; work closely together with all stakeholders.

• Actively executes the cyber security programme elements and other information and cyber security plans developed by the business.

• Assist the cluster with identification of critical assets ("crown jewels") and feeding that back into the business impact analysis and risk management processes.

• Work with the business to develop processes and procedures to ensure information security policies and standards are integrated and assist with third party supplier information and cyber security risk assessments and assurance.

• Support the achievement of the business strategy, objectives, and values by ensuring delivered systems, process, services and solutions are aligned.

• Identify training courses and career progression for self through input and feedback from management.

• Ensure all personal development plan activities are completed within specified timeframe.

• Share knowledge and industry trends with team and stakeholders during formal and informal interaction.

• Obtain buy-in for developing new and/or enhanced processes (e.g. operational processes) that will improve the functioning of stakeholders businesses by highlighting benefits in support of the implementation or recommendations.

• Contribute to a culture conducive to the achievement of transformation goals by participating in Nedbank Culture building intiatives (e.g. staff surveys etc).

People Specification

Essential Qualifications - NQF Level

• Professional Qualifications/Honour’s Degree

Preferred Qualification

Master's Degree

Preferred Certifications

• Certified Information System Manager (CISM);

• Certified Risk and Information Systems Control (CRISC);

• Certified Information System Auditor (CISA);

• Certified Information Systems Security Professional (CISSP).

Type of Exposure

• Analysing situations or data that requires an evaluation of multiple factors

• Displaying high level of ethics, integrity and confidentiality

• Conducting root cause analysis

• Information security investigations e.g. virus outbreaks

• Conducting digital forensic analysis

• Presenting to senior leaders

• Networking and building relationships

• Monitoring adherence and compliance

• Conducting Business Continuity planning and testing

• Conducting Business Impact Analysis

• Implementing governance frameworks; architecture policies; procedures and standards

• Conducting research from multiple sources

• Identifying business risks

• Managing a team of people

Minimum Experience Level

Minimum 5 years experience in Information Security Risk.

Technical / Professional Knowledge

• Business continuity standard

• Digital computing (hardware components)

• Digital forensic tools and techniques

• Ethics and Fraud

• Forensic examination

• Information systems

• International Security Forum (ISF) Standards

• Nedbank policies and procedures

• Nedbank vision and strategy

• Relevant software and systems knowledge

• Relevant regulatory, compliance and risk legislation

Behavioural Competencies

• Earning Trust

• Continuous Learning

• Decision Making

• Facilitating Change

• Influencing

• Technical/Professional Knowledge and Skills