Head: Cyber Assurance - Houghton at SBV Services (Pty) Ltd.

Purpose of the Position: 

• Responsible to evaluate the system and network enterprise environments of SBV and use technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures, and education to implement effective cyber security programs and strategies. This will include the establishment and management of program control processes, compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides oversight in compliance requirements for internal and external reviews.

Key Performance Areas (KPAs):

Manage strategic alignment linked to the Cyber Assurance programme of SBV:

• Establish and lead 2nd line of defence Risk capabilities for Cyber risk within SBV to provide confidence to SBV that Cyber controls and practices developed and provided are fit-for-purpose, reliable, resilient, secure and adaptable to meet changing needs.
• Provide input into the Departmental Strategy linked to the Long-term Company Strategy 
• Responsible for leading the Cyber Security Assurance program which will continually provide an independent view of the control framework in SBV and will act as a stimulus for action for identified risks or concerns
• Contribute to the development of organisational strategies and plans that contribute to information security and help to translate any investment decisions required in terms of risk and compliance with legislation, regulation and relevant standards.
• As an established authority in Cyber Security risk and control, provide SME input and support to maintain that the risks relevant to SBV and the cash value chain are identified and kept current, in line with the overall SBV risk appetite.
• Participate in industry cyber security forums as required to monitor Cyber risks trends and possible impact to SBV is incorporated into feedback and possible scope changes for the assurance Programme.
• Participate and support corporate responsibility initiatives for the achievement of business strategy.

Cyber Assurance Process and systems management:

• Manage, develop, implement, and review industry-standard IT assurance frameworks, policies, procedures and standards; and build a tailored and dynamic multi-year assurance plan
• Responsible for driving the cyber security controls assurance programme and assurance initiatives.
• Responsible for confirming that the risk and control measures are maintained and communicated across the divisions to key stakeholders. • Influence divisions to improve their cyber security controls with the strive to make the division more secure from internal and external threats.
• Lead and influence key owners and collaborators such as CTO’s and Head of Cyber Security to support that they understand how the assurance program drives improvement in cyber security risk across SBV.
• Establishes positive relationships with cyber security teams and Technology teams to protect SBV with robust controls.
• Provide SME input and support for maintaining that the Cyber Security policy is up to date in line with the current Cyber Security risks.
• Knowledgeable of cyber security controls and operating models, with a wide network of relevant partners, providing consultancy to internal and external stakeholders to the benefit of SBV.
• Identify cyber risk areas that require additional focus across SBV and prepare risk briefings which include pragmatic recommendations for remediation.  Identify potential opportunities for improving the cyber security control environment collaborating with internal stakeholders for minimal impact to partners.
• Verify the assurance processes and tools are fit for a program delivering across all divisions and, where possible, drive efficiencies via automation.
• Design and report relevant metrics and related key performance indicators (KPIs) for the Cyber Security Assurance program which will demonstrate the efficiency of the program. This reporting to include: 1) Concise risk reports based on the assurance test results (design & efficiency) are produced that can be understood by all business partners (including board level, internal & external audit and risk management). 2) Report and supervise progress of remediation tracking activities by the brands. 3) Working with the Cyber Security team and aligning to SBV standards, provision of reporting and transparency at multiple stakeholder levels is vital.
• Provide risk insights i to the governance and oversight forums/committees as the need arises.
• Evaluate the design and effectiveness of IT controls and working with auditors/regulators for these types of assessments.
• Communicate audit/assessment results and remediation plans with leadership and prioritizing and remediating findings with service/system owner.
• Collaborate with internal and external stakeholders to plan, prepare, schedule, and coordinate internal assessments and external audits.
• Perform assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards.
• Identify security and compliance gaps and partner with system owner and stakeholders to appropriately remediate.
• Generate awareness of assessment results, facilitate, and prepare system security plans and update the plan of actions and milestones.
• Perform security analysis of operational and development environments, threats, vulnerabilities, and internal interfaces to define and assess compliance within accepted standards.
• Assess, communicate, and partner with our business and systems owners to determine security control efficacy, solutions within constraints, and facilitate justifiable confidence in the system's security posture.

Sustainability of the organisation through driving continuous improvement and efficiency programmes of work within the Africa Portfolio:

• Continually review operations, procedures, systems and performance against business plans, budgets and progress of programmes and projects.
• Seek opportunities to improve business processes, models, and systems through agile thinking. • Lead continuous improvement of the quality of assessments through providing professional insights.
• Operate and contribute to continuous improvement of information security assurance processes and systems.
• Build and evaluate the various Operating Models from a cyber assurance viewpoint to identify: 1) Emerging Capabilities; 2) Possible enhancements with associated cost benefit to SBV; 3) Efficiency opportunities;

Risk Management:

• Assess the implementation and availability of a BCM plan and disaster recovery processes for SBV from a Cyber Assurance viewpoint for availability, integrity, security and confidentiality.
• Drive risk management and compliance with all necessary rules & regulations that govern the various In-country Operations.
• Embed a culture of risk management and maintain all reporting through to SBV Risk department is done timeously and to high quality.
• Prepare quality, relevant and commercially astute assignment, and reports.
• Analyse and interrogate processes, evidence, and verbal information independently.
• Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and recommend proactive changes to controls, policies, and procedures in response to these changes

Contribute to the SBV culture:

• Provide leadership to employees within the organisation, creating a winning culture and high morale
• Initiate and participate in a culture of performance driven output through shared purpose vision and values
• Creates a conducive environment which translates into productivity and high morale within SBV

Financial Performance Management:

• Provide input and information necessary to enable the General Manager to track and report on financial performance of the department

People Management:

• Contribute to Information Cyber Security training and awareness initiatives to maximise staff awareness and compliance. • Support the Employee Value Proposition entrenchment with the aim to strengthen and position SBV as an employer of choice. 
• Provide leadership to employees within SBV 
• Creates a conducive environment which translates into productivity and high morale within SBV
• Provide strategic collaborative support to the relevant Technology and Risk Steerco’s for overall achievement of strategic objectives
• Adhere to legislative requirements and Group policies and procedures

Requirements

Minimum Requirements: Work Experience:

• 8 years of experience in Cyber Assurance, with proven experience in audit and assurance methodologies, with the flexibility to adapt approach to suit a multifaceted environment.

This includes a min of which: 

• 5+ years of experience in security or compliance consulting or advisory work in support of a highly technical environment
• 5+ years of experience in performing technical audits/assessments in direct support of a major compliance effort (e.g., ISO, NIST, SOX, PCI, GDPR and other regulatory/industry certifications) 
• Deep technical background with experience in common IT infrastructure and services/applications 
• Experience building security compliance program roadmaps, compliance documentation, and ensuring that committed assessments are delivered on schedule.  Experience in Financial services; preferable banking preferential
• Experience in program or project management
• Experience in control framework development and implementation

Minimum Requirements: Education:

• Bachelor’s Degree in Auditing, Information Systems Management, Computer Science, Cyber Security, or other related fields Certified Information Security Systems Professional (CISSP) advantageous