Business Information Security Officer

**Requisition Details & Talent Acquisition Contact**
- REQ 127649- Tshego Semenya**Cluster**
- Group Risk**Career Stream**
- It Risk

**Leadership Pipeline**
- Manage Self: Expert

**Position**
- Business Information Security Officer**Job Purpose**
- The BISO must support the business cluster in the implementation and execution of the cyber resilience risk management framework that includes implementation of cyber risk assessments, strategy, cyber security programme, policies, standards, reporting of all cluster-specific cyber security programme elements and regulatory matters as it relates to cyber security.**Responsibilities**:

- Drive compliance to security policies and standards on cluster infrastructure.
- Primary interface between the cluster and CISO office.
- Represent business as an information security representative on the CSSC;
- Ensure alignment and implementation of CRRMF in clusters.
- Report of all cluster specific information security program elements;
- Work closely together with all stakeholders.
- Actively executes the cyber security programme elements and other information and cyber security plans developed by the business.
- Assist the cluster with identification of critical assets (“crown jewels”) and feeding that back into the business impact analysis and risk management processes.
- Work with the business to develop processes and procedures to ensure information security policies and standards are integrated; and
- Assist with third party supplier information and cyber security risk assessments and assurance
- Assist business with incident management related to cyber and/or privacy incidents
- Conclude cyber / privacy impact assessment on new business initiatives
- Build and maintain professional relationships by information sharing and professional networking within the bank.
- Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media
- Drive compliance to security policies and standards on cluster infrastructure;
- Primary interface between the cluster and CISO office.
- Represent business as an information security representative on the CSSC;
- Ensure alignment and implementation of CRRMF in clusters.
- Report of all cluster specific information security program elements;
- Work closely together with all stakeholders.
- Actively executes the cyber security programme elements and other information and cyber security plans developed by the business.
- Assist the cluster with identification of critical assets (“crown jewels”) and feeding that back into the business impact analysis and risk management processes.
- Work with the business to develop processes and procedures to ensure information security policies and standards are integrated; and
- Assist with third party supplier information and cyber security risk assessments and assurance
- Assist business with incident management related to cyber and/or privacy incidents
- Conclude cyber / privacy impact assessment on new business initiatives
- Essential Qualifications - NQF Level- Advanced Diplomas/National 1st Degrees
- Preferred Qualification- Master’s Degree in IT / Computer Science / Informatics
- Preferred Certifications- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Minimum Experience Level- 3 - 5 years in Information Security Experience
- Exposure in Risk Management Monitoring
- Data Reporting Analytics experience

**Type of Exposure**
- Completed Reports and Achieved Budgets
- Designed Workforce Planning Solutions
- Developed and Implemented Communications Strategy
- Manage internal process
- Managed Transformation and Innovation
- Managed Relationships
- Managed Self
- Provided Administrative Support

**Technical / Professional Knowledge**
- Administrative procedures and systems
- Banking knowledge
- Data analysis
- Governance, Risk and Controls
- Microsoft Office
- Principles of project management
- Relevant regulatory knowledge
- Relevant software and systems knowledge
- Business writing skills
- Information Security Threats and Attact vectors
- Cluster Specific Operational Knowledge
- System Development Life cycle(SDLC)
- TCP/IP
- Information Security terms and definitions
- Basic computer concepts
- Relevant Operating System
- Information Security policies and procedures
- Vendor Management Principles

**Disclaimer**

**_Please contact the Nedbank Recruiting Team at +27 860 555 566_**
- **_Please contact the Nedbank Recruiting Team at +27 860 555 566_