Chief Information Security Officer (MT6)- Cyber Security

Listing reference: capgh_000279
Listing status: Under Review
Apply by: 19 November 2024
Position summary
Industry: Banking
Job category: Other: Banking, Finance, Insurance, Stockbroking
Location: Windhoek
Contract: Permanent
EE position: No
Introduction
The role of the Chief Information Security Officer is to provide strategic leadership of the information security function, enabling a capability for managing the confidentiality, integrity, and availability-related risks that could affect the company's information assets negatively beyond acceptable tolerance levels. The role is responsible to ensure that the company's information security efforts are consistent within the company's Risk, Internal Control and Assurance Framework (RICAF), information security mandate, objectives and target operating model, and ultimately the company's strategic objective and capability model. The role may require carrying out any other appropriate activity that is necessary to fulfill the mandate of the Information Security Office.
Job description

KEY PERFORMANCE AREAS (KPAs)
Organizational Structure:
  • Design an appropriate structure to facilitate the identification and management of information security risks, which should include a plan for communication across functions.
  • Facilitate communication across functions on emerging information security risks.
Design & Oversee the implementation of the IS management system:
  • Design an appropriate information security strategy.
  • Drive & coordinate the implementation of the relevant framework & policies.
  • Report on results.
(Information) Asset Management:
  • Oversee the implementation of risk mitigation plans.
  • Coordinate the design and execution of security awareness training across the Group and monitor the success thereof.
Risk Management:
  • Drive the identification, assessment, mitigation, and monitoring of risks related to information security, i.e. be the central point of contact for information security risk management.
  • Direct information security incident management processes and procedures.
  • Monitor and report on incidents.
  • Perform the Group Principal Risk Owner role for Information Security.
  • Report on significant risks.
Cyber Threat Management:
  • Prepare the group for the possibility of an attack, catastrophic event, or related incident affecting the security of information.
  • Participate in the information Security Incident Management process for high-profile incidents.
  • Monitor the post-incident review stage for the identification of improvement initiatives.
  • Monitor the frequency and cost of information security incidents in the improvement of current and future risk assessments.
  • Report on emerging cyber threats and any significant cyber incidents within the Group or industry.
Compliance Management:
  • Identify & oversee the implementation of new or changed information security compliance standards.
  • Oversee the compliance program in relation to relevant information security requirements.
  • Report on compliance management.
Policies and Procedures:
  • Set a framework for the development, implementation, and maintenance of appropriate policies and procedures that document practical, repeatable, and defined processes to mitigate risks.
  • Monitor compliance with internal policies and procedures.
Operational Management:
  • Agree on service level agreements and key performance criteria to manage disruptions and reduce incidents to a minimum.
  • Attend innovation or project management meetings where the development of new products and solutions is discussed, and highlight key information security matters.
  • Delegate or direct the security architecture design components of solutions.
Assurance & Monitoring:
  • Ensure that sufficient coverage of information security controls is included in assurance plans.
  • Monitor critical controls and respond to control failures with appropriate mitigation plans.
Reporting:
  • Provide reports to the executive committee and those charged with governance on key matters.

Minimum requirements

Qualifications and Experience required:
  • University degree, preferably in information security or a related field.
  • CISSP, CISA, and/or CISM certifications.
  • An ISO 27001 lead certification would be a distinct advantage.
  • Certification in prevalent firewall, DLP, and vulnerability management technologies, specifically Cisco.
  • 10 years' experience in information security.
  • 5 years' experience in information security at a senior management level.
