Senior Specialist: Cyber and Information Security Risk at Absa Group Limited (Absa)

Job Summary
To provide complex specialist advice and support in practice formulation and associated best practice improvement tactics; enabling the provision of Cyber and Information Security Risk management expertise.

Job Description
Risk Management

• Define, agree, measure and monitor Cyber & Information Security Risk profiles at varying organisational levels.

Critical Process Assessment Oversight:

• Enable the inherent risk assessment activity for critical processes specific to Cyber & Information Security risk. Providing input to the identification of key controls needed to manage Cyber & Information Security risks to an acceptable level within the business unit. Identify control gaps via control self assessments on the central owned controls within the critical processes.
• Key Indicator Identification: Identification of meaningful measures for Cyber and Information Security risk position, assisting Risk Type Officer in determining risk tolerance levels and thresolds.

Framework and Policies:

• Provide input to the development of Cyber & Information Security risk policies and frameworks
• Standards Oversight: Provide input and assist in the creation and maintanance of standards that are required as required by the Group Policy of Policies.
• Risk Management Optimization & Automation: Identify and drive implementation of opportunities to innovate and optimise risk management and reporting through digitisation and automation.

Risk Reporting:

• Formulate Cyber & Information Security risk report and position to group operations, relevant committees, regulators and other stakeholders.

Education And Experience Required

• NQF level 6 B Degree
• B Degree is required i.e. Information Technology and/or Business Management
• CISA/CISSP/CISM/CGERT/PMP or any other IT Governance related qualification
• Excellent understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Secure Software Development Lifecycles, Software Auditing, Penetration Testing, Security Monitoring, Access Controls (identification, authentication and authorization) and Encryption. Strong knowledge of information security frameworks and standards such as ISO17799/27001 and their application into diverse environments.
• Experience in quantifying Cyber and Information Risk and translating that into language that the business can understand.
• Minimum of 5 years working experience in risk and audit focusing on information security, risk management, or assurance.

Knowledge & Skills Required

• 4 years Financial Business environment or other financial related experience
• Extensive knowledge, understanding and application
• Good interpersonal, facilitation and negotiation
• Self-confidence and assertiveness/persuasiveness
• Business organisation and industry understanding
• Good understanding of IT operations and processes
• Strategic planning with implementation at tactical

Competencies

• Deciding and initiating action
• Learning and researching
• Entrepreneurial and commercial thinking
• Relating and networking
• Adapting and responding to change
• Persuading and influencing
• Creating and innovating

Education

• Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

Closing Date: 10th, June 2022