Manager: Cyber and Strategic Delivery
Nedbank
Get a financial partner who will help, guide and support you on your personal journey.
Requisition Details & Talent Acquisition Consultant
131543 - Tshegofatso Semenya
135 Rivonia Road, Sandton (Nedbank Head Office)
Job Family: Information Technology
Leadership Pipeline: Manage Self: Expert
To manage cyber risk management activities to reduce cyber risk for the bank, working independently to deliver on work tasks, and to collaborate with other functions in the bank to execute on the Cyber Resilience programme.
To develop and implement cyber resilience policies to protect sensitive information and systems from cyber security threats and attacks. This person is accountable for creating and executing the cyber resilience strategy that complements the bank’s overall risk management framework, and for maintaining compliance with relevant regulations.
Cyber Risk Management
- Support the Senior Manager Cyber Risk and Chief Information Security Officer (CISO) with embedding of a systemic risk culture and promoting transparency across the business.
- Engage and build relationships with the three lines of defence as key internal stakeholders.
- Provide cyber risk subject matter expertise to change programmes and projects as required.
- Work collaboratively with first-line and second-line teams to review and maintain RCSAs. The role should ensure risk owners build good awareness and understanding of each risk, both systemic and non-systemic, and should identify emerging risks that could result in a threat to Nedbank’s Group sustainability.
- Ensure that risks are managed and anticipated by monitoring and analysing risk and risk trends.
- Ensure that identified risks are treated by facilitating the development of mitigating actions and monitoring the implementation thereof.
- Monitor adherence and compliance to the cyber resilience and risk management framework.
- Ensure that the operational risk reporting to the various structures is accurate, relevant and comparable by reporting timeously and proactively.
- Be a cyber security subject matter expert for the bank by providing expert advice on all aspects of cyber security risk management.
- Build and maintain professional relationships by information sharing and professional networking within the bank.
- Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media.
- Assist with coordinating group wide Information Security risk and maturity assessments in line with the group's risk management frameworks.
- Collaborate with stakeholders, including GT ISD, BISO, Procurement, legal, compliance and business teams, to develop and implement cyber resilience strategy, framework, and policies.
- Identify, develop, and enhance policies, standards, procedures and guidelines and drive implementation and compliance throughout the group.
- Maintain a view of current information security threats and trends globally by conducting research and performing threat modelling and threat vector analysis at a group-wide level.
- Support the achievement of the business strategy, objectives, and values by ensuring delivered systems, process, services, and solutions are aligned.
- Report regularly to senior management, Exco and Board on the status of cyber resilience efforts, including risks and cyber incidents.
- Participate in joint implementation of industry-wide cyber security standards and guidelines.
- Joint advocacy for cyber security policies and regulations that benefit the industry.
- Identify training courses and career progression for self through input and feedback from management.
- Ensure all personal development plan activities are completed within specified timeframe.
- Share knowledge and industry trends with team and stakeholders during formal and informal interaction.
- Obtain buy-in for developing new and/or enhanced processes (e.g. operational processes) that will improve the functioning of stakeholders' businesses by highlighting benefits in support of the implementation of recommendations.
- Contribute to a culture conducive to the achievement of transformation goals by participating in Nedbank Culture building initiatives (e.g. staff surveys etc).
- Seek opportunities to improve business processes and systems by identifying and recommending effective ways to operate and adding value to Nedbank.
- Plan and coordinate activities for Nedbank Group Cyber resilience projects and ensure effective tracking and reporting to CISO management and various oversight forums.
- Collaborate with internal stakeholders to plan, resource, prioritise and drive execution of Nedbank Group Cyber resilience projects.
- Identification, assessment, tracking and managing mitigations of risks that impact project timelines and deliverables and allocation of risk owners.
- Promote and direct issue management for key groupwide cyber resilience projects.
- Monitoring project performance and assisting in the mitigation of all project risks through the governance structures.
Essential Qualifications - NQF Level
- Matric / Grade 12 / National Senior Certificate
- Bachelor’s degree in computer science or management information systems
- Advanced Diplomas/National 1st Degrees
- Certified Information Security Manager (CISM)/ Certified Information Security Auditor (CISA)
- PMI or other PM accreditation
Minimum Experience Level
- 6-7 years of Cyber Risk management experience
- In depth technical knowledge on operating systems, databases, applications
- Experience in a bank preferred
- 3+ years in a project delivery role
Type of Exposure
- Exposure to threat modelling. The candidate should have experience in looking at what cyber threats their organisation faces, taking that through to risks, and considering whether the controls in place mitigate the risk
- Exposure to identifying critical assets for their organisation
- Exposure to cyber risk frameworks. One or more of the following (NIST cyber framework / NIST standard, ISF, ISO27001/2, FFIEC)
- Passion for Cyber
- Eager to learn
- Ability to collaborate with people outside of the direct team to achieve objectives
- Ability to create and present reports to various stakeholders
- Commercial Banking products, processes, and systems is essential.
- Coaching and mentoring others
- Managing multiple projects
- Conducting research from multiple sources
- Comparing sets of information
- Communicating standards to others
- Conducting gap analysis
- Conducting root cause analysis
Technical / Professional Knowledge
- Administrative procedures and systems
- Banking knowledge
- Banking procedures
- Data analysis
- Governance, Risk and Controls
- Microsoft Office
- Principles of project management
- Relevant regulatory knowledge
- Relevant software and systems knowledge
- Business writing skills
- Cluster Specific Operational Knowledge
- System Development Life cycle (SDLC)
- Information Security terms and definitions
- Basic computer concepts
- Relevant Operating System
- Information Security policies and procedures
- Vendor Management Principle
- Applied Learning
- Customer Focus
- Initiating Action
- Managing Work
- Conflict resolution
- Problem solving
- Technical/Professional Knowledge and Skill
Please contact the Nedbank Recruiting Team at +27 860 555 566