Information Security Analyst III at Nedbank

Job Purpose

To collaboratively perform in-depth analysis with stakeholders on complex information security issues and provide optimum solutions which meet both business and technical requirements while aligning with the information security strategy. To support the Wealth cluster in the implementation and execution of the cyber resilience risk management framework that includes monitoring of cyber risk, cyber security program, policies, standards, reporting of all cluster-specific cyber security program elements, and regulatory matters as it relates to cyber security.

Job Responsibilities

• Build and maintain professional relationships by information sharing and professional networking within the bank.
• Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media.
• Drive compliance with security policies and standards on cluster infrastructure.
• Primary interface between the cluster and CISO office.
• Represent business as an information security representative on the CRC.
• Ensure alignment and implementation of CRRMF in clusters.
• Report of all cluster-specific information security program elements.
• Actively executes the cyber security program elements and other information and cyber security plans developed by the business.
• Assist the cluster with the identification of critical assets (“crown jewels”) and feed that back into the business impact analysis and risk management processes.
• Work with the business to develop processes and procedures to ensure information security policies and standards are integrated; and
• Assist with third-party supplier information and cyber security risk assessments and assurance.
• Assist business with incident management related to cyber and/or privacy incidents.
• Conclude cyber / privacy impact assessment on new business initiatives.
• Build and maintain professional relationships by information sharing and professional networking within the bank.
• Provide input into the negotiation process with vendors for new and existing technologies and services.
• Contribute to a culture of transformation by participating in Nedbank culture building initiatives, business strategy, and CSI.
• Stay abreast of developments in field of expertise, ensuring personal and professional growth.
• Understand and embrace the Nedbank vision and values, leading by example.
• Seek opportunities to improve business processes, models and systems.
• Participate in Research and Development related to specific Information Security Technology.
• Participate in proof of technology and proof of concept.
• Identify and set selection criteria for new products.
• Participate in the implementation and hand over of new products as provided in the selection criteria.
• Keep abreast of information security policies, rules, standards and processes, procedures and practices, as well as business rules, introducing new industry concepts to information security.
• Create and review all relevant processes and procedures mindful of current policies and standards.
• Create, maintain and review information security standards.
• Oversee and monitor environment per set standards.
• Review and contribute to project documentation.
• Mitigate risks. Implement specific Information security technologies. Gain further exposure and experience on multiple technologies.
• Log, submit and implement low, medium and high risk security changes independently.
• Provide guidance and supervision to Administrators and other analysts on implementation and changes.
• Oversee and ensure change was success.
• Support the achievement of the business strategy, objectives and values.
• Enable skilling and required corrective action to take place by sharing knowledge and industry trends with team.
• Provide technical mentoring both to Individual and specialist development projects.

People Specification

Essential Qualifications - NQF Level

• Professional Qualifications/Honour’s Degree

Preferred Qualification

• Degree in IT / Computer Science / Informatics

Preferred Certifications

• Certified Information Security Manager (CISM)
• Privacy Related Certificate (s) 
• Certified in Risk and Information Systems Control (CRISC)

Minimum Experience Level

• 4 - 7 years in Information Security Experience
• Exposure in Risk Management Monitoring
• Data Reporting Analytics experience

Technical / Professional Knowledge

• Administrative procedures and systems
• Banking knowledge
• Data analysis
• Governance, Risk and Controls
• Microsoft Office
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Business writing skills
• Information Security Threats and Attact vectors
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Basic computer concepts
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles

Behavioural Competencies

• Coaching
• Collaborating
• Decision Making
• Influencing
• Innovation
• Technical/Professional Knowledge and Skills