Job Purpose
To build an Information Technology cyber-security in order to improve the Information Technology Security capability maturity. This includes contributing to the IT cyber security strategy, creating awareness in Information Technology, delivery of various control improvements, incident response planning and execution.
Key Responsibilities/Accountabilities
• Assist in developing a cyber-security strategy for Group IT.
• Develop threat models for all critical technologies (application and supporting infrastructure).
• Support the Head of Information Technology Cyber-Security and Penetration Testing with cybersecurity input into the IT Security investment plans.
• Develop cyber-security business cases to secure the budget for improvements in the cybersecurity maturity.
• Act as subject matter expert on the approved Cyber-Security IT projects.
• Conduct research to get a clear view of new and emerging threats facing technology and ensure that these are reflected in the threat models and strategy.
• Ensure that the learnings from other cyber-security incidents are adopted by Standard Bank Group, in so far as the IT Security control environment is concerned.
• Create the awareness of cyber-security threats within the IT community.
• Guide the business with the selection of appropriate IT controls in order to combat cyber-security threats leading to fraud.
• Coordinate efforts with the Cyber Security Operations Centre to ensure a unified approach to cyber-security across Standard Bank Group.
• Keep abreast of technology trends and the implications on Cyber-Security e.g. mobile, cloud and social.
• Provide insight and intelligence into effective cyber-security threat management.
• Stay close to the business strategy and ensure that IT Security capabilities enable and support this strategy.
Preferred Qualification and Experience
Qualification
- Degree in Computer Science plus CISSP and any of these Information Security related Certifications (CISM/CRISC/CISA)
Experience
- 3-4 years (preferably Financial institution) in an IT security role
- Experience in developing threat models, risk profiles, penetration testing, cyber-security risk and incident management, and a solid understanding of crime in the financial sector
- Experience in engaging with a broad spectrum of stakeholders including senior executives.
Knowledge/Technical Skills/Expertise
- The ability to assess and mitigate the risks associated with the storage and retrieval of electronic information
- The examination of the essential elements of risk such as; assets, threats, vulnerabilities, safeguards, consequences and the likelihood of the threats materialising.
- The ability to define and analyse risk identification information in a quantitative and/or qualitative way.
- The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
- The ability to facilitate the creation and adoption of an appropriate risk response strategy and to assign ownership for the risk respons
Apply here!