Head: Cyber Assurance

**Purpose of the Position**:
Responsible to evaluate the system and network enterprise environments of SBV and use technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures, and education to implement effective cyber security programs and strategies. This will include the establishment and management of program control processes, compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides oversight in compliance requirements for internal and external reviews.

**Key Performance Areas (KPAs)**:
Manage strategic alignment linked to the Cyber Assurance programme of SBV:

- Establish and lead 2nd line of defence Risk capabilities for Cyber risk within SBV to provide confidence to SBV that Cyber controls and practices developed and provided are fit-for-purpose, reliable, resilient, secure and adaptable to meet changing needs.
- Provide input into the Departmental Strategy linked to the Long-term Company Strategy
- Responsible for leading the Cyber Security Assurance program which will continually provide an independent view of the control framework in SBV and will act as a stimulus for action for identified risks or concerns
- Contribute to the development of organisational strategies and plans that contribute to information security and help to translate any investment decisions required in terms of risk and compliance with legislation, regulation and relevant standards.
- As an established authority in Cyber Security risk and control, provide SME input and support to maintain that the risks relevant to SBV and the cash value chain are identified and kept current, in line with the overall SBV risk appetite.
- Participate in industry cyber security forums as required to monitor Cyber risks trends and possible impact to SBV is incorporated into feedback and possible scope changes for the assurance Programme.
- Participate and support corporate responsibility initiatives for the achievement of business strategy.

Cyber Assurance Process and systems management:

- Manage, develop, implement, and review industry-standard IT assurance frameworks, policies, procedures and standards; and build a tailored and dynamic multi-year assurance plan
- Responsible for driving the cyber security controls assurance programme and assurance initiatives.
- Responsible for confirming that the risk and control measures are maintained and communicated across the divisions to key stakeholders. - Influence divisions to improve their cyber security controls with the strive to make the division more secure from internal and external threats.
- Lead and influence key owners and collaborators such as CTO’s and Head of Cyber Security to support that they understand how the assurance program drives improvement in cyber security risk across SBV.
- Establishes positive relationships with cyber security teams and Technology teams to protect SBV with robust controls.
- Provide SME input and support for maintaining that the Cyber Security policy is up to date in line with the current Cyber Security risks.
- Knowledgeable of cyber security controls and operating models, with a wide network of relevant partners, providing consultancy to internal and external stakeholders to the benefit of SBV.
- Identify cyber risk areas that require additional focus across SBV and prepare risk briefings which include pragmatic recommendations for remediation. Identify potential opportunities for improving the cyber security control environment collaborating with internal stakeholders for mínimal impact to partners.
- Verify the assurance processes and tools are fit for a program delivering across all divisions and, where possible, drive efficiencies via automation.
- Design and report relevant metrics and related key performance indicators (KPIs) for the Cyber Security Assurance program which will demonstrate the efficiency of the program. This reporting to include: 1) Concise risk reports based on the assurance test results (design & efficiency) are produced that can be understood by all business partners (including board level, internal & external audit and risk management). 2) Report and supervise progress of remediation tracking activities by the brands. 3) Working with the Cyber Security team and aligning to SBV standards, provision of reporting and transparency at multiple stakeholder levels is vital.
- Provide risk insights i to the governance and oversight forums/committees as the need arises.
- Evaluate the design and effectiveness of IT controls and working with auditors/regulators for these types of assessments.
- Communicate audit/assessment results and remediation plans with leadership and prioritizing and remediating findings with service/system owner.
- Collaborate with internal and external stakeholders to plan, prepare, schedule, and coordinate internal assessments and external audits.
- Perform assessments of systems and networks within our enviro