Information Security Officer - Head Office - Durban at Al Baraka Bank South Africa

CORE PURPOSE OF THE JOB

• To fulfil the bank’s obligations in terms of Information Security as highlighted by external audit as well as regulators. To provide assurance that information security and IT related risks are controlled within acceptable levels in the organisation. To monitor information security systems, policy development, IT risk management, implementation and enforcement of security controls together with ongoing research. Information Security as a segregated function is necessitated in the context of the bank’s environment.

KEY PERFORMANCE AREAS

•  Define & Establish Security Organisation and Security Infrastructure relevant to ABL’s environment.
•  Identify and implement mitigating control measures which cuts across all areas where information is created, processed, transmitted and archived.
•  Develop and maintain ABL information security policies, procedures and guidelines in line with prevailing governance and security frameworks.
•  Encourage ABL compliance at an organisational level in respect of the conditions for the lawful processing of personal information;
•  Assess internal / external Audit security observations with supporting details of corrective actions, mitigating factors and preventative measures as appropriate.
•  Ensures that the Bank complies with PAIA and POPI: Risk Assessment frameworks.
•  Deals with requests for access to information from third parties incorporating receipting, processing and determining whether access to information held by the bank should be given to such third parties;
•  Monitor compliance with information security policies, procedures and standards.
•  Approve firewall changes and remote access requests.
•  Evaluate changes in asset base and resultant security implications at least twice a year.
•  Maintain Security Registers for recording, tracking, follow up and reporting purposes.
•  Lead the Management Security Forum and the Incident Response Team.
•  Prepare reports and recommendations to Security Committee in respect of security incidents/events, outcomes and follow up progress.
•  Act as official ABL point of contact information security, privacy and copyright infringement incidents, including relationships with law enforcement agencies.
•  Assess Security components in respect of new and existing applications, utilities or programmes that are acquired to ensure conformity with information security standards and best governance practices.
•  Review, Acquire and Implement appropriate Software and/or Appliances for the purpose of monitoring information security and related standards.
•  Ensure continuity threats and vulnerabilities are assessed on a regular basis and incorporated into the relevant risk assessments (bi-annually or more frequently if warranted by prevailing circumstances).
•  Keep abreast of latest security and privacy legislation, regulations, security alerts, threats and vulnerabilities relevant to ABL.
•  Consult and advise on general information security issues
•  Co-ordinate the development and delivery of training and awareness programs for ABL personnel to develop security skills for staff at an organisational-wide level.
•  Provide training/ awareness sessions to employees regarding security of information;
•  Management reporting required for Executive, Risk, Audit and Board Committees as required from time to time.

PREFERRED QUALIFICATIONS

•  Relevant degree, diploma or equivalent qualification in Commerce/Computer Science or other applied sciences.
•  Professional information security qualification (e.g; CISSP, CISO, CISM, CISA)
•  MCSE/MCSD Certification would be advantageous
•  Certificate in MS Office suite of applications.
•  Certificate in use of CAAT tools.

PREFERRED EXPERIENCE

•  2-3 year’s relevant experience in information security or related field (preferably across multiple areas of IT and Risk) within a similar environment with demonstrated experience in personnel/3rd

party security.
 2 - 3 years’ experience in Systems & Network Security operational environment would be
advantageous.
SKILLS REQUIRED

•  Good interpersonal skills.
•  Communication and liaison skills
•  Good understanding of IT and IT Security Management
•  Information Security Strategic Planning
•  Organisational skills and capabilities
•  Ability to work under pressure and meet deadlines.
•  Ensure upholding of Code of Ethics
•  Display high moral standards and personal ethics.
•  Analytical and problem solving ability

KNOWLEDGE REQUIRED

•  Extensive Knowledge of Information Security in line with ISO/COBIT.
•  Knowledge of Global Security Standards and best practices insofar as Information systems & technology is concerned.
•  Knowledge of the Banking Systems, ERP Systems, and Electronic banking systems.
•  Knowledge of Global Hardware & Software systems and Server/End-user applications.
•  Knowledge of Network Architecture, Design, Composition & Standards (Routers, Servers
•  An understanding and knowledge of a Banks Policies and Procedures.
•  Knowledge of company’s Code of Business Conduct.
•  Full understanding of Regulatory, Board & Executive Management reporting requirements.
•  Knowledge or Auditing and Risk Management techniques