Please Note: Preference will be given to applicants from Underrepresented Groups
Job Family
Risk, Audit and Compliance
Career Stream
Information Security Risk
Leadership Pipeline
Manage Self: Leading Expert
Job Purpose
Provide leading expertise and guidance to ensure the security of Nedbank Groups Information Assets. The Group Executive, via the Group Chief Risk Officer, designates the Chief Information Security Officer (CISO), as an independent second line role, to be responsible and accountable overall for the Cyber Resilience Risk Management within the Group.
Job Responsibilities
Deliver and meet the strategic financial objectives by managing the budget for the Cluster in line with agreed principles.
Responsible for providing oversight and promoting cyber resilience across the Group.
Develop and maintain cyber resilience strategy in collaboration with business and Group Technology(GT).
Responsible for the digitisation of cyber resilience risk management.
Co-ordinate cyber resilience across Nedbank.
Provide expert advice on all aspects of cyber resilience, including providing input to specialised cyber business initiatives.
Act as subject matter expert for the Cyber Resilience Scenario.
Create and manage the Group's Cyber Resilience Programme.
Monitor the effectiveness of cyber resilience arrangements and report to the Group Executive Committee and Board.
Provide oversight in the investigation of cybersecurity incidents.
Responsible for cybersecurity awareness programme.
Develop and co-ordinate Group wide cyber risk assessments.
Co-ordinate compliance efforts to cyber related regulatory programmes.
Meet business objectives by influencing Information Technology (IT) delivery.
Responsible to lead operational risk activities and takes greater responsibility for risk and governance.
Manage material incidents and crises by leading the Cyber Crisis Management Team.
Influence and set the tone for Cyber Security across the Group.
Manage cyber co-ordinated asssurance.
Act as the Chair of the Cyber Crisis Management Team, and responsible for developing and maintaining of the Playbooks.
Be a thought leader on Information Technology (IT) matters across industries.
Ensure the delivery of key IT projects.
Ensure that relevant IT policies are in place to mitigate people risk.
Meet compliance requirements by ensuring that the constructs of risk, governance and compliance are adequately addressed.
Has sufficient authority, independence, resources and access to the Board - Group Risk and Capital Management Committee (GRCMC), Group IT Committee (GITCo) and Group Audit Committee (GAC).
Provide an effective challenge that questions existing cyber resilience processes and information, while conducting specific testing of procedures and processes, consistent with the unique aspects of the Group's CRRMF and risk profile.
Essential Qualifications - NQF Level
Professional Qualifications/Honour’s Degree
Preferred Qualification
Computer Science and /or Commerce
Preferred Certifications
Certified Information Security Manager (CISM); Certified Information Systems Security Professional (CISSP). Preferred: Certified Risk & Information Systems Control (CRISC) Certified Information Systems Auditor (CISA)
Minimum Experience Level
11 years experience in banking and an IT environment covering Business Continuity, Disaster Recovery, Information Security, Digital Forensics and Risk Management.8-10 years being in management
Technical / Professional Knowledge
Business continuity standard
Digital computing (hardware components)
Digital forensic tools and techniques
Ethics and Fraud
Forensic examination
Information systems
International Security Forum (ISF) Standards
Nedbank policies and procedures
Nedbank vision and strategy
Relevant software and systems knowledge
Relevant regulatory, compliance and risk legislation
Behavioural Competencies
Strategic Influence
Driving Execution
Cultivating Networks and Partnerships
Leading Change
Operational Decision Making
Digital Acumen
Leading Virtual Teams
-
Please contact the Nedbank Recruiting Team at +27 860 555 566