Business Information Security Officer

**Requisition Number and Talent Acquisition Contact**
- REQ: 134658- Location: Sandton, Johannesburg- Closing Date: 14 November 2024- Talent Acquisition: Tshego Semenya**Cluster**
- RBB- Career Stream- IT Risk- Leadership Pipeline- Manage Self: Technical

**Position**
- Business Information Security Officer**Job Purpose**
- The BISO must support the business cluster in the implementation and execution of the cyber resilience risk management framework that includes implementation of cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of all cluster-specific cyber security programme elements and regulatory matters as it relates to cyber security.**Responsibilities**:

- Build and maintain professional relationships by information sharing and professional networking within the bank.
- Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media
- Drive compliance to security policies and standards on cluster infrastructure.
- Primary interface between the cluster and CISO office.
- Represent business as an information security representative on the CSSC;
- Ensure alignment and implementation of CRRMF in clusters.
- Report of all cluster specific information security program elements;
- Work closely together with all stakeholders.
- Actively execute the cyber security programme elements and other information and cyber security plans developed by the business.
- Assist the cluster with identification of critical assets (“crown jewels”) and feeding that back into the business impact analysis and risk management processes.
- Work with the business to develop processes and procedures to ensure information security policies and standards are integrated; and
- Assist with third party supplier information and cyber security risk assessments and assurance.
- Assist business with incident management related to cyber and/or privacy incidents.
- Conclude cyber / privacy impact assessment on new business initiatives.
- Build and maintain professional relationships by information sharing and professional networking within the bank.
- Conduct assurance testing on cyber/IT related controls.
- Assist with the development, review and maintenance of RCSA and KRI’s for the portfolio.
- Essential Qualifications - NQF Level- Matric / Grade 12 / National Senior Certificate
- Advanced Diplomas/National 1st Degrees
- Preferred Qualification- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Technical Specification- Must be able to create and update power BI dashboards.
- Minimum Experience Level- 3 - 5 years in Information Security Experience
- Exposure in Risk Management Monitoring
- Data Reporting Analytics experience

**Technical / Professional Knowledge**
- Administrative procedures and systems
- Data analysis
- Governance, Risk and Controls
- Principles of project management
- Relevant regulatory knowledge
- Relevant software and systems knowledge
- Cluster Specific Operational Knowledge
- System Development Life cycle(SDLC)
- TCP/IP
- Information Security terms and definitions
- Relevant Operating System
- Information Security policies and procedures
- Vendor Management Principles
- Behavioural Competencies- Applied Learning
- Communication
- Collaborating
- Customer Focus
- Initiating Action
- Managing Work
- Technical/Professional Knowledge and Skills

**Disclaimer**

**_Please contact the Nedbank Recruiting Team at +27 860 555 566_**
- **_Please contact the Nedbank Recruiting Team at +27 860 555 566_