Business Information Security Officer - Nedbank

The BISO must support the business cluster in the implementation and execution of the cyber resilience risk management framework that includes implementation of cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of all cluster-specific cyber security programme elements and regulatory matters as it relates to cyber security.

Job Responsibilities

• Build and maintain professional relationships by information sharing and professional networking within the bank.
• Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media
• Drive compliance to security policies and standards on cluster infrastructure.
• Primary interface between the cluster and CISO office.
• Represent business as an information security representative on the CSSC;
• Ensure alignment and implementation of CRRMF in clusters.
• Report of all cluster-specific information security program elements;
• Work closely together with all stakeholders.
• Actively executes the cyber security programme elements and other information and cyber security plans developed by the business.
• Assist the cluster with the identification of critical assets (“crown jewels”) and feeding that back into the business impact analysis and risk management processes.
• Work with the business to develop processes and procedures to ensure information security policies and standards are integrated; and
• Assist with third-party supplier information and cyber security risk assessments and assurance
• Assist businesses with incident management related to cyber and/or privacy incidents
• Conclude cyber / privacy impact assessment on new business initiatives
• Build and maintain professional relationships by information sharing and professional networking within the bank.
• Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media

Minimum Experience Level

• 3 - 5 years in Information Security Experience
• Exposure in Risk Management Monitoring
• Data Reporting Analytics experience

Essential Qualifications - NQF Level

• Professional Qualifications/Honour’s Degree

Preferred Qualification

• Master’s Degree in IT / Computer Science / Informatics

Preferred Certifications

• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)

Type of Exposure

• Completed Reports and Achieved Budgets
• Developed and Implemented Communications Strategy
• Manage internal process
• Managed Relationships
• Managed Self
• Designed Workforce Planning Solutions
• Managed Transformation and Innovation
• Provided Administrative Support
• Provided Client Service
• Supported Transformation, Change and continued Improvement

Technical / Professional Knowledge

• Administrative procedures and systems
• Banking knowledge
• Data analysis
• Governance, Risk and Controls
• Microsoft Office
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Business writing skills
• Information Security Threats and Attack vectors
• Cluster-Specific Operational Knowledge
• System Development Life Cycle (SDLC)
• TCP/IP
• Information Security terms and definitions
• Basic computer concepts
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles