IT Security (SECU) – Security Governance and Compliance Specialist

Job Purpose:
Develop, enhance and implement enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Define security configuration and operations standards for security systems and applications, including network security appliances and host-based security systems. Ensure that identified or suspected violations of policies and standards, or compromises of sensitive information assets, are reported in line with established governance. Define, recommend and manage security controls for information systems. Identify security risks and manage them to resolution. Work with the business to develop processes and procedures that ensure information security policies and standards are integrated. Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Identify gaps and recommend opportunities for continuous improvement in the design and operating effectiveness of information security controls. Provide governance over the management of internal and external security controls to minimise risk. Work with other stakeholders on best practice to ensure a coordinated approach and ongoing compliance with Data Protection/POPIA from the design stage. Ensure privacy and security of data and segregation of duties in maintaining the confidentiality, availability and integrity of information. Monitor and promote awareness of emerging cyber security threats. Facilitate continuous improvement of security maturity across the organisation.

Minimum Education & Minimum Experience:

  • Bachelor’s Degree in Computer Science, Information Technology, Computer Auditing or Internal Auditing.
  • CISA, CISSP, CISM, CRISC or equivalent security professional qualification preferable.
  • 5+ years of experience working in a professional information security role.
  • Broad information security knowledge across several security domains.
  • Experience in developing appropriate information security governance and compliance measures.
  • Experience in managing and developing baseline information security configurations, and experience with common industry information security standards and guidelines (such as CIS Controls).
  • Experience identifying risks and developing and implementing policies, procedures and processes. Experience of process development and process improvement.
  • Knowledge and experience with various information security governance and control frameworks (NIST, ISO 27001/2, PCI-DSS, CIS Controls).
  • Knowledge of security architecture, network security, access control and user access management, encryption, application security, platform security and database security.

Key Responsibilities:
Security Governance & Security Compliance Management

  • Develop processes and procedures for the information security governance program.
  • Develop, coordinate and maintain the implementation of security policies and procedures across the Bank.
  • Provide business support in audit activities.
  • Ensure alignment of security governance with the Bank’s business objectives.
  • Ensure compliance with the applicable legislative and regulatory requirements.
  • Monitor and measure compliance with Security policies.

Security Management & Collaboration

  • Develop and optimize processes to improve security threat identification and remediation.
  • Monitor and manage emerging and existing threats and vulnerabilities to new and existing internal and external services.
  • Implement new security operational efforts and coordinate resources to ensure operational efficiency of technical security controls.
  • Participate in the IT Continuity and Disaster Recovery process.
  • Champion awareness of developing Information Technology and security risk landscape across the wider business.
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts.
  • Represent African Bank as a backup on the relevant industry related security groups and initiatives (e.g. SABRIC CSIRT Workgroups).
  • Collaborate with IT technical teams across the business to deliver Security service improvements.

Project Management, Treating Customers Fairly and Compliance, Research & Continuous Improvement

  • Provide end-to-end engagement on a wide range of security projects as a security technical SME, including ensuring that governance and change control are enforced.
  • Perform project tasks within allocated timeframes.
  • Create and maintain productive relationships with internal and external clients by providing advice and assistance.
  • Create understanding of the ‘real’ versus ‘perceived’ need through experience and expertise while complying with company policies, legislation and regulations.
  • Keep the client informed about progress through written communication, telephone communications and/or face to face meetings.
  • Build a positive image by exceeding client expectations at all times.
  • Treat internal and external customers fairly at all times.
  • Identify topics of potential interest to the organisation such as industry trends and state-of-the-art technology. Prepare a proposal for research work.
  • Identify topics of interest to the organisation relating to existing technology and processes.
  • Research topics, document the results and commit the output to a body of knowledge.
  • Apply research findings to the analysis phase of upcoming initiatives.
  • Apply research findings to ongoing implementation efforts.
  • Apply research findings to planning for future initiatives.
  • Create an innovative idea(s) or continuous improvement initiative(s) to enhance the security system.

Desired Skills:

  • CISA
  • CISM
  • Professional information security
  • Information security governance
  • NIST
  • ISO 27001/2
  • CIS Controls
  • Security architecture
  • Network security

Desired Qualification Level:

  • Diploma
