Associate Cybersecurity Risk Analyst - South African Reserve Bank

The purpose of this position is to realise the responsibilities of the Prudential Authority (PA) in respect of the supervision and regulation of cybersecurity risk in the financial sector.

The successful candidate will be required to support a team of senior cybersecurity specialists in their operational duties associated with on and off-site analysis as well as providing specialist knowledge, skills, and experience in the cybersecurity/information technology risk management area.

The candidate will be required to assist with the analysis of the cybersecurity landscape to ensure cyber threats to the South African Financial sector are known and adequately managed by the respective institutions.

Detailed Description

The successful candidate will be responsible for, among others, the following key performance areas:

Supervision

• Assist in the development of cyber frameworks/standards and guidelines for adoption across the industry.
• Apply appropriate analytical techniques, methodologies, and technologies to assist senior analysts with research objectives.
• Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk.
• Liaise with key internal and external stakeholders regarding current and developing cyber threats.
• Identify, collect, collate, analyse, and document cyber security threats to the financial sector using threat intelligence feeds from multiple sources;
• Plan and prioritise work in conjunction with senior analysts, line manager, and other stakeholders.
• Review risk and threat information in order to identify applicable gaps in the industry.
• Assist senior analysts with supervisory reviews and practices (desktop and prudential meetings) in relation to cybersecurity risk in PA-regulated entities.
• Assist with the development, analysis, and interpretation of cybersecurity risk assessments, surveys, and questionnaires.
• Staying abreast of international best practices and developments surrounding cybersecurity risk matters to benchmark and implement locally.

Job Requirements

To be considered for this position, candidates must have:

• A minimum of a Bachelor Degree (NQF 7) in Security, Information Technology, Risk Management or an equivalent qualification;
• At least four years’ experience in an information security or cybersecurity governance or Information technology risk management environment.
• Solid knowledge of Cybersecurity, Information security governance, risk management, and compliance.
• Have exposure to cyber risk frameworks.
• Be familiar with relevant legislation.
• Understanding of Cyber Risk Trends.
• Knowledge of leading cyber / information security best practices.

The following would be an added advantage:

• Certified in any of the following – CISSP, CISM, Security+, CRISC, CISA, or equivalent certifications.
• Knowledge of the best practice standards and frameworks at both theoretical and practical level

Additional requirements are as follows:

• Knowledge of, and experience in; the banking, insurance or financial market infrastructure systems; financial, insurance and banking products; regulations, and technology systems used in the various financial sectors with particular emphasis on IT / IT risk matters.
• Knowledge and understanding of information technology/cybersecurity/information security/technology Risk Frameworks e.g., NIST, COBIT, ISO 27001, ITIL, ISO 31000, ISO 38500, etc. and further developments in this space.
• Knowledge and understanding of the cybersecurity risk’s banks, insurance, and financial market infrastructures face.
• Competence in basic office information technologies.
• Ability to work in a team and contribute to team success.
• Reliable own transport as the position requires regular travel between the PA’s offices in Pretoria and the offices of banks, insurance entities and financial market infrastructures which are generally outside Pretoria.