ICT Information Security and Risk Specialist at Development Bank of Southern Africa (DBSA)

Job Description    

• The purpose of this role is to perform information security responsibilities such as developing, coordinating and implementing policies, standards, and procedures to safeguard the bank’s information systems and data. Ensuring that information security policy is aligned with the bank’s business strategy & benchmarked with best practice.

Strategic Focus:

• Define and implement ICT Security strategy for the bank
• Establish a framework for the implementation of an Information Security Management System (ISMS) that reflects the bank’s security needs and objectives
• Develop ICT Security Policies, Processes, Procedures and Standards in line with industry benchmarks and where applicable best practices
• Assess potential areas of risks and opportunities of vulnerability in the network and on information technology infrastructure and applications
• Oversees the planning, execution and management of projects related to compliance, control assurance, risk management, security and infrastructure / information asset protection
• Provide strategic / tactical direction and consultation on information security and compliance
• Design an effective ICT Security Architecture

Key Responsibilities    
Financial Management:

• Develop an effective stakeholder Service Level Agreement Management for ICT Security
• Advise ICT management on cost effective solutions for Information Security solutioning
• Implement cost effective ICT Security solutions

Information Security Management:

• Design and coordinate the processes for the detection, investigation and correction of ICT security breaches and incidents
• Assess and implement the controls needed to protect the bank’s information as well as information from third parties
• Plan and participate in ICT Continuity and Disaster Recovery process;
• Perform periodic reporting to key stakeholders regarding the bank’s ICT Security state
• Provide ICT security advisory services to the different BU’s within the bank
• Initiates and conduct independent corporate security risk assessments
• Coordinate corrective actions for identified security vulnerabilities and gaps.
• Work with the CIO, Executive team, and Group Risk Management to determine acceptable levels of risk for the enterprise (Risk Champion)
• Maintain ICT Risk Management at strategic and operational level
• Ensure effectiveness and maturity growth of the bank’s ICT Security Program
• Ensure ICT Assets are safeguarded to protect the information
• Ensure privacy and security of data and segregation of duties in maintaining confidentiality, availability and integrity of information
• Develop and provide appropriate awareness training / plans and communication

Capacity Building:

• Conduct continuous market research on trends and best practice relating to ICT Security
• Establish communication programs that will raise and maintain awareness of information security throughout DBSA
• Conduct awareness sessions to ensure that DBSA staff are educated of their roles and responsibilities relative to information security governance

Expertise & Technical Competencies    
QUALIFICATIONS & EXPERIENCE

• B. degree (IT/Information systems) or BTech in IT or Information Security
• Post graduate qualification in ICTSecurity information Management will be advantageous.
• 4 – 6 Years of experience in ICT Information Security Management and / or IT Risk Management

Skills & Knowledge

• Relevant certification (CISM, CISA, CRISC)
• Strong technical background and knowledge
• Exposure to cyber risk frameworks (NIST, ISF, Iso27001/2, FFIEC)
• Ability to create metrics, presentations to various stakeholders
• IT Governance and risk management experience
• Practical experience in IT or Information Security and Information Risk management role.
• Exposure to cyber security or SOC monitoring.
• Optional: CoBIT, TOGAF, ITIL
• Must be analytical and investigative.
• Must display good decision making and problem-solving skills.

TECHNICAL COMPETENCIES
Planning & Organizing

• Is relied on to help others plan and organise their workload.
• Effectively uses advanced time management processes to deal with high workload and tight deadlines.
• Organises, prioritises and schedules tasks so they can be performed within budget and with the efficient use of time and resources.
• Achieves goals in a timely manner, despite obstacles encountered, by organising, reprioritising and re-planning

Negotiation Skills

• Understands and can apply basic negotiating skills and techniques, e.g. obtaining a full understanding of the other party's agenda and needs before disclosing own perspectives.
• Possesses an understanding of various unspoken communications from other parties and can decipher hidden agendas.
• Is able to successfully conclude negotiations which require the development of an emotional as well as factual argument.
• Is able to develop mutually-beneficial potential solutions.

Written Communication

• Understands that different writing styles are required for different documents or audiences.
• Write effective correspondence, prepares questions and reports, statements of circumstance and briefing notes.
• Reviews others’ documents for clarity and impact.
• Has a solid mastery of writing principles such as grammar, sentence construction etc.

Required Personal Attributes    
BEHAVIOURAL COMPETENCIES

Customer Service Orientation

• Tries to understand the underlying needs of customers and matches these needs to available or customized products and services.
• Adapts processes and procedures to meet on-going customer needs.
• Utilises the feedback received by customers, in order to develop new and/or improve existing services/ products that relate to their on-going needs.
• Thinks of new ways to align DBSA’s offerings with future customer needs.

Self-awareness and Self Control

• Withholds effects of strong emotions in difficult situations.
• Keeps functioning or responds constructively despite stress.
• May apply special techniques or plan ahead of time to manage emotions or stress.

Strategic and Innovative Thinking

• Experiments with new approaches, tests scenarios, questions assumptions and challenges conventional thinking.
• Creates new concepts that are not obvious to others, leveraging internal and external sources of information, to build incremental revenue and growth opportunities.

Driving delivery of results

•      Sets challenging goals that will have a significant impact on the business or support the organisational strategy.
•      Commits significant resources and/or time to ensure that challenging goals are achieved.

Teamwork & Cooperation

• Acts to promote a friendly climate and good morale, and resolves conflicts.
• Creates opportunities for cross-functional working.
• Encourages others to network outside of their own team/department and learn from their experience.