ICT Information Security and Risk Specialist

5 days ago


Midrand, South Africa DBSA Full time

The purpose of this role is to perform information security responsibilities such as developing, coordinating and implementing policies, standards, and procedures to safeguard the bank’s information systems and data. The role also ensures that information security policy is aligned with the bank’s business strategy and benchmarked against best practice.

**Strategic Focus**:
Define and implement ICT Security strategy for the bank

Establish a framework for the implementation of an Information Security Management System (ISMS) that reflects the bank’s security needs and objectives

Develop ICT Security Policies, Processes, Procedures and Standards in line with industry benchmarks and where applicable best practices

Oversee the planning, execution and management of projects related to compliance, control assurance, risk management, security and infrastructure / information asset protection

Provide strategic / tactical direction and consultation on information security and compliance

Design an effective ICT Security Architecture

**Key Responsibilities**:
**Financial Management**:
Develop an effective stakeholder Service Level Agreement Management for ICT Security

Advise ICT management on cost-effective Information Security solutions

Implement cost-effective ICT Security solutions

**Information Security Management**:
Design and coordinate the processes for the detection, investigation and correction of ICT security breaches and incidents

Assess and implement the controls needed to protect the bank’s information as well as information from third parties

Plan and participate in the ICT Continuity and Disaster Recovery process

Perform periodic reporting to key stakeholders regarding the bank’s ICT Security state

Provide ICT security advisory services to the different BUs within the bank

Initiate and conduct independent corporate security risk assessments

Coordinate corrective actions for identified security vulnerabilities and gaps.

Work with the CIO, Executive team, and Group Risk Management to determine acceptable levels of risk for the enterprise (Risk Champion)

Maintain ICT Risk Management at strategic and operational level

Ensure effectiveness and maturity growth of the bank’s ICT Security Program

Ensure ICT Assets are safeguarded to protect the information

Ensure privacy and security of data and segregation of duties in maintaining confidentiality, availability and integrity of information

Develop and provide appropriate awareness training / plans and communication

**Capacity Building**:
Conduct continuous market research on trends and best practice relating to ICT Security

Establish communication programs that will raise and maintain awareness of information security throughout DBSA

Conduct awareness sessions to ensure that DBSA staff are educated about their roles and responsibilities relative to information security governance

**Expertise & Technical Competencies**:
**QUALIFICATIONS & EXPERIENCE**

B. degree (IT/Information systems) or BTech in IT or Information Security

Postgraduate qualification in ICT Security Information Management will be advantageous.

4 - 6 Years of experience in ICT Information Security Management and / or IT Risk Management

**Skills & Knowledge**

Relevant certification (CISM, CISA, CRISC)

Strong technical background and knowledge

Exposure to cyber risk frameworks (NIST, ISF, ISO 27001/2, FFIEC)

Ability to create metrics and presentations for various stakeholders

IT Governance and risk management experience

Practical experience in an IT or Information Security and Information Risk Management role.

Exposure to cyber security or SOC monitoring.

Optional: COBIT, TOGAF, ITIL

Must be analytical and investigative.

Must display good decision making and problem-solving skills.

**TECHNICAL COMPETENCIES**

**Planning & Organizing**

Is relied on to help others plan and organise their workload.

Effectively uses advanced time management processes to deal with high workload and tight deadlines.

Organises, prioritises and schedules tasks so they can be performed within budget and with the efficient use of time and resources.

Achieves goals in a timely manner, despite obstacles encountered, by organising, reprioritising and re-planning

**Negotiation Skills**

Possesses an understanding of various unspoken communications from other parties and can decipher hidden agendas.

Is able to successfully conclude negotiations which require the development of an emotional as well as factual argument.

Is able to develop mutually-beneficial potential solutions.

**Written Communication**

Understands that different writing styles are required for different documents or audiences.

Writes effective correspondence, prepares questions and reports, statements of circumstance and briefing notes.

Reviews others’ documents for clarity and impact.

Has a solid mastery of writing principles such as grammar, sentence construction etc.

**Required Personal Attributes**:
**BE


