JOB NAME |
INFORMATION SECURITY AND RISK SPECIALIST
POSTED BY: Development Bank of Southern Africa
REF:DBSA 88
Date Published:Monday, January 27, 2020
Date of Expiration:Saturday, July 25, 2020 EXPIRED
RECOMMEND THIS JOB ON FACEBOOK
|
|
|
LOCATION OF THIS JOB |
South Africa | MIDRAND in South Africa |
INDUSTRY |
DEVELOPMENT FINANCE INSTITUTIONS
|
JOB TYPE |
Full-Time |
MAIN JOB DESCRIPTION |
Reference Number DBS200120-2 Job Title Information Security and Risk Specialist Job Grade 16 Job Type Classification Permanent Location - Town / City Midrand Location - Province Gauteng Location - Country South Africa
JOB DESCRIPTION The purpose of this role is to perform information security responsibilities such as developing, coordinating and implementing policies, standards, and procedures to safeguard the bank’s information systems and data.
Ensuring that information security policy is aligned with the bank’s business strategy & benchmarked with best practice.
Strategic Focus: 1. Define and implement ICT Security strategy for the bank 2. Establish a framework for the implementation of an Information Security Management System (ISMS) that reflects the bank’s security needs and objectives 3. Develop ICT Security Policies, Processes, Procedures and Standards in line with industry benchmarks and where applicable best practices 4. Assess potential areas of risks and opportunities of vulnerability in the network and on information technology infrastructure and applications 5. Oversees the planning, execution and management of projects related to compliance, control assurance, risk management, security and infrastructure / information asset protection 6. Provide strategic / tactical direction and consultation on information security and compliance 7. Design an effective ICT Security Architecture Financial Management: 8. Develop an effective stakeholder Service Level Agreement Management for ICT Security 9. Advise ICT management on cost effective solutions for Information Security solutioning 10. Implement cost effective ICT Security solutions Information Security Management: 11. Design and coordinate the processes for the detection, investigation and correction of ICT security breaches and incidents 12. Assess and implement the controls needed to protect the bank’s information as well as information from third parties 13. Plan and participate in ICT Continuity and Disaster Recovery process; 14. Perform periodic reporting to key stakeholders regarding the bank’s ICT Security state 15. Provide ICT security advisory services to the different BU’s within the bank 16. Initiates and conduct independent corporate security risk assessments 17. Coordinate corrective actions for identified security vulnerabilities and gaps. 18. Work with the CIO, Executive team, and Group Risk Management to determine acceptable levels of risk for the enterprise (Risk Champion) 19. Maintain ICT Risk Management at strategic and operational level 20. Ensure effectiveness and maturity growth of the bank’s ICT Security Program 21. Ensure ICT Assets are safeguarded to protect the information 22. Ensure privacy and security of data and segregation of duties in maintaining confidentiality, availability and integrity of information 23. Develop and provide appropriate awareness training / plans and communication Capacity Building: 24. Conduct continuous market research on trends and best practice relating to ICT Security 25. Establish communication programs that will raise and maintain awareness of information security throughout DBSA 26. Conduct awareness sessions to ensure that DBSA staff are educated of their roles and responsibilities relative to information security governance
|
REQUIREMENTS FOR THIS JOB |
QUALIFICATIONS 1. B. degree (IT/Information systems) or BTech in IT or Information Security 2. Post graduate qualification in ICTSecurity information Management will be advantageous. 3. 4 – 6 Years of experience in ICT Information Security Management and / or IT Risk Management Skills & Knowledge 4. Relevant certification (CISM, CISA, CRISC) 5. Strong technical background and knowledge 6. Exposure to cyber risk frameworks (NIST, ISF, Iso27001/2, FFIEC) 7. Ability to create metrics, presentations to various stakeholders 8. IT Governance and risk management experience 9. Practical experience in IT or Information Security and Information Risk management role. 10. Exposure to cyber security or SOC monitoring. 11. Optional: CoBIT, TOGAF, ITIL 12. Must be analytical and investigative. 13. Must display good decision making and problem-solving skills.•
EXPERTISE & TECHNICAL COMPETENCIES TECHNICAL COMPETENCIES Planning & Organizing 1. Is relied on to help others plan and organise their workload. 2. Effectively uses advanced time management processes to deal with high workload and tight deadlines. 3. Organises, prioritises and schedules tasks so they can be performed within budget and with the efficient use of time and resources. 4. Achieves goals in a timely manner, despite obstacles encountered, by organising, reprioritising and re-planning
Negotiation Skills 1. Understands and can apply basic negotiating skills and techniques, e.g. obtaining a full understanding of the other party's agenda and needs before disclosing own perspectives. 2. Possesses an understanding of various unspoken communications from other parties and can decipher hidden agendas. 3. Is able to successfully conclude negotiations which require the development of an emotional as well as factual argument. 4. Is able to develop mutually-beneficial potential solutions.
Written Communication 1. Understands that different writing styles are required for different documents or audiences. 2. Write effective correspondence, prepares questions and reports, statements of circumstance and briefing notes. 3. Reviews others’ documents for clarity and impact. 4. Has a solid mastery of writing principles such as grammar, sentence construction etc.
REQUIRED PERSONAL ATTRIBUTES BEHAVIOURAL COMPETENCIES Customer Service Orientation 1. Tries to understand the underlying needs of customers and matches these needs to available or customized products and services. 2. Adapts processes and procedures to meet on-going customer needs. 3. Utilises the feedback received by customers, in order to develop new and/or improve existing services/ products that relate to their on-going needs. 4. Thinks of new ways to align DBSA’s offerings with future customer needs.
Self-awareness and Self Control 1. Withholds effects of strong emotions in difficult situations. 2. Keeps functioning or responds constructively despite stress. 3. May apply special techniques or plan ahead of time to manage emotions or stress.
Strategic and Innovative Thinking 1. Experiments with new approaches, tests scenarios, questions assumptions and challenges conventional thinking. 2. Creates new concepts that are not obvious to others, leveraging internal and external sources of information, to build incremental revenue and growth opportunities.
Driving delivery of results 1. Sets challenging goals that will have a significant impact on the business or support the organisational strategy. 2. Commits significant resources and/or time to ensure that challenging goals are achieved, while also taking action to mitigate risk.
Teamwork & Cooperation 1. Acts to promote a friendly climate and good morale, and resolves conflicts. 2. Creates opportunities for cross-functional working. 3. Encourages others to network outside of their own team/department and learn from their experience.
|
|