Manager: Cyber and Strategic Delivery

Johannesburg, ZA

Applications have closed

Nedbank

Requisition Details & Talent Acquisition Consultant

131543 - Tshegofatso Semenya

Location

135 Rivonia Road, Sandton (Nedbank Head Office)

Job Family

Information Technology

Career Stream

IT Risk

Leadership Pipeline

Manage Self: Expert

Job Purpose

To manage cyber risk management activities to reduce cyber risk for the bank, working independently to deliver on work tasks. Collaborate with other functions in the bank to execute on the Cyber Resilience programme.

To develop and implement cyber resilience policies to protect sensitive information and systems from cyber security threats and attacks. This person is accountable for creating and executing on the cyber resilience strategy that complements the bank’s overall risk management framework, and for maintaining compliance with relevant regulations.

Job Responsibilities

Cyber Risk Management

  • Support the Senior Manager Cyber Risk and Chief Information Security Officer (CISO) with embedding of a systemic risk culture and promoting transparency across the business. 
  • Engage and build relationships with the three lines of defence as key internal stakeholders. 
  • Provide cyber risk subject matter expertise to change programmes and projects as required. 
  • Work collaboratively with first-line and second-line teams to review and maintain RCSAs. The role should ensure risk owners build good awareness and understanding of each risk, both systemic and non-systemic, and identify emerging risks that could result in a threat to Nedbank’s Group sustainability.
  • Ensure that risks are managed and anticipated by monitoring and analysing risk and risk trends. 
  • Ensure that identified risks are treated by facilitating the development of mitigating actions and monitoring the implementation thereof. 
  • Monitor adherence and compliance to the cyber resilience and risk management framework. 
  • Ensure that the operational risk reporting to the various structures is accurate, relevant and comparable by reporting timeously and proactively.
  • Be a cyber security subject matter expert for the bank by providing expert advice on all aspects of cyber security risk management. 
  • Build and maintain professional relationships by information sharing and professional networking within the bank. 
  • Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media. 
  • Assist with coordinating group wide Information Security risk and maturity assessments in line with the group's risk management frameworks. 
  • Collaborate with stakeholders, including GT ISD, BISO, Procurement, legal, compliance and business teams, to develop and implement cyber resilience strategy, framework, and policies.  
  • Identify, develop, and enhance policies, standards, procedures and guidelines and drive implementation and compliance throughout the group. 
  • Maintain a view of current information security threats and trends globally by conducting research and performing threat modelling and threat vector analysis at a group wide level.
  • Support the achievement of the business strategy, objectives, and values by ensuring delivered systems, process, services, and solutions are aligned. 
  • Report regularly to senior management, Exco and Board on the status of cyber resilience efforts, including risks and cyber incidents.  
  • Participate in joint implementation of industry-wide cyber security standards and guidelines. 
  • Joint advocacy for cyber security policies and regulations that benefit the industry.  
  • Identify training courses and career progression for self through input and feedback from management. 
  • Ensure all personal development plan activities are completed within specified timeframe. 
  • Share knowledge and industry trends with team and stakeholders during formal and informal interaction. 
  • Obtain buy-in for developing new and/or enhanced processes (e.g. operational processes) that will improve the functioning of stakeholders' businesses by highlighting benefits in support of the implementation of recommendations. 
  • Contribute to a culture conducive to the achievement of transformation goals by participating in Nedbank Culture building initiatives (e.g. staff surveys etc). 
  • Seek opportunities to improve business processes and systems by identifying and recommending effective ways to operate and adding value to Nedbank. 

Project Management

  • Plan and coordinate activities for Nedbank Group Cyber resilience projects and ensure effective tracking and reporting to CISO management and various oversight forums.
  • Collaborate with internal stakeholders to plan, resource, prioritise and drive execution of Nedbank Group Cyber resilience projects.
  • Identification, assessment, tracking and managing mitigations of risks that impact project timelines and deliverables and allocation of risk owners. 
  • Promote and direct issue management for key groupwide cyber resilience projects. 
  • Monitoring project performance and assisting in the mitigation of all project risks through the governance structures. 

Essential Qualifications - NQF Level

  • Matric / Grade 12 / National Senior Certificate  
  • Bachelor’s degree in computer science or management information systems  
  • Advanced Diplomas/National 1st Degrees

Preferred Certifications

  • Certified Information Security Manager (CISM)/ Certified Information Security Auditor (CISA) 
  • PMI or other PM accreditation  

Minimum Experience Level

  • 6-7 years of Cyber Risk management experience 
  • In depth technical knowledge on operating systems, databases, applications 
  • Experience in a bank preferred 
  • 3+ years in a project delivery role  

Type of Exposure

  • Exposure to threat modelling. The candidate should have experience with looking at what cyber threats their organisation faces, taking that through to risks, and considering whether the controls in place mitigate the risk.
  • Exposure to identifying critical assets for their organisation 
  • Exposure to cyber risk frameworks. One or more of the following (NIST cyber framework / NIST standard, ISF, ISO27001/2, FFIEC) 
  • Passion for Cyber 
  • Eager to learn 
  • Ability to collaborate with people outside of the direct team to achieve objectives 
  • Ability to create and present reports to various stakeholders 
  • Exposure to commercial banking products, processes, and systems is essential.
  • Coaching and mentoring others  
  • Managing multiple projects 
  • Conducting research from multiple sources 
  • Comparing sets of information 
  • Communicating standards to others 
  • Conducting gap analysis 
  • Conducting root cause analysis

Technical / Professional Knowledge

  • Administrative procedures and systems  
  • Banking knowledge  
  • Banking procedures  
  • Data analysis  
  • Governance, Risk and Controls  
  • Microsoft Office  
  • Principles of project management  
  • Relevant regulatory knowledge  
  • Relevant software and systems knowledge  
  • Business writing skills  
  • Cluster Specific Operational Knowledge  
  • System Development Life cycle (SDLC)  
  • Information Security terms and definitions  
  • Basic computer concepts  
  • Relevant Operating System  
  • Information Security policies and procedures  
  • Vendor Management Principle

Behavioural Competencies

  • Applied Learning  
  • Communication  
  • Collaborating  
  • Customer Focus  
  • Initiating Action  
  • Managing Work  
  • Conflict resolution  
  • Flexibility   
  • Problem solving  
  • Technical/Professional Knowledge and Skill

---------------------------------------------------------------------------------------

Please contact the Nedbank Recruiting Team at +27 860 555 566

Category: Leadership Jobs

Tags: Banking CISA CISM CISO Compliance Computer Science FFIEC Governance ISO 27001 Monitoring NIST Risk management RMF SDLC Strategy Vendor management

Perks/benefits: Career development Team events Transparency

Region: Africa
Country: South Africa
