Manager: Business Information Security
Position summary

Introduction
Job description
a) Act as the primary interface between the entity and the Group CISO Office on cyber matters;
b) Serve as the entity's cyber representative at relevant committees and meetings;
c) Assist the CISO in delivering the Cyber Resiliency Program (CRP) in the entity;
d) Support data owners in the entity and provide guidance on the access, usage and storage of data;
e) Assist the entity in completing cyber risk assessments and other cyber-related compliance processes, ensuring that they are understood and that appropriate controls are embedded in day-to-day operations;
f) Ensure that any non-compliance in the entity is remediated;
g) Take part in cyber incident response relating to the entity;
h) Provide cybersecurity advice to business managers and staff and help drive best practices;
i) Ensure the business complies with the relevant requirements of the information security policies;
j) Continuously review and, where relevant, modify cybersecurity practices and procedures;
k) Assist the business with the audit process, resolving audit findings and ensuring their closure;
l) Work with the business to develop processes and procedures that integrate information security policies and standards;
m) Perform vendor cyber risk assessments and/or vendor on-site information security reviews as part of the third-party cyber risk management programme;
n) Ensure compliance with cyber-relevant regulatory processes, standards, Acts and banking determinations;
o) Facilitate and promote awareness and training programs in the entity, promote awareness of current policies and standards, and distribute information security awareness materials and publications appropriately within the business;
p) Build relationships with relevant internal and external stakeholders;
q) Report information security issues to the business as applicable, with appropriate documentation;
r) Coordinate the capture of cybersecurity metrics for reporting to the operational risk function and the CISO Office, for integration with the CyberMIS system;
s) Guide the business in developing action plans, while reporting and tracking to closure all cybersecurity issues resulting from self-assessments, audits, risk assessments, vendor reviews, etc.;
t) Prepare and submit monthly reports on the status of cybersecurity to the CISO and to the entity.
Minimum requirements
· B.Com / B.Sc. in Information Systems, Computer Science, Engineering, Risk Management or an equivalent 4-year degree
· CISM, CISA or CISSP preferred
· 4 years of cybersecurity and cyber risk management experience, preferably in financial services or a similar industry
· Deep understanding of cyber risk and how it relates to the entity
· Working knowledge of information security standards
· Working knowledge of information security frameworks
· Working knowledge of cyber risk management and maturity frameworks
· Working knowledge of third-party cyber risk management
· Past experience with two or more cybersecurity program element areas, including data protection, risk assessment, third-party risk assessment, identity and access management, and information security metrics
· Strong risk analysis and problem-solving skills
· Knowledge of business, regulatory and compliance requirements
· Project management skills
· Ability to create metrics, presentations and other documents as needed