Chief, Information & Security Officer

Company Description

Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.

Job Description

The Chief Information  & Security Officer is a second line function and is independent from day-to-day information technology operations. The role is responsible and accountable for executing the cyber and information risk management framework with sufficient authority and resources.

Essential Functions

• Provide leadership to the Bank's information security organization.
• Oversee and enforce cyber and information risk management policies, frameworks, and other technology-related regulatory requirements.
• Monitor performance and outcomes of cyber resilience and intervene if necessary to ensure that specified direction is followed.
• Review and assess risks associated with changes in the cyber and information risk landscape.
• Setup mechanism to monitor cyber and information security threats on an ongoing basis, and to promptly detect, analyse, and respond to cyber and information security incidents.
• Cultivate a strong level of awareness of and commitment to cyber resilience by conducting comprehensive cyber and information risk awareness training programmes to its members of staff and other stakeholders.
• Develop, implement and monitor a strategic, comprehensive enterprise information security risk management program.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Regularly apprise the board of salient and adverse cyber and information risk developments and incidents that are likely to have a major impact on the regulated entity in a timely manner.
• Collaborate with relevant stakeholders to share cyber threats, incidents, and attacks that the Bank encounters.
• Oversee the evaluation and management of cyber and information risks introduced by third party service providers.

Qualifications

Minimum Qualifications
Type of Qualification: Degree
Field of Study: Business  
Type of Qualification: Post Graduate Degree
Field of Study: Information Technology

Experience Required
Technology Control
Technology
5-7 years
Experience with the implementation and management of information security policies and frameworks within a corporate environment. Experience working with individuals and teams from diverse cultures. Experience in identifying, mitigating and tracking risks and country specific regulatory requirements, and findings recommendations reporting and assurance governance reporting. Experience in assessing and giving opinion on veracity of risk assessments and adherence to technology standards

5-7 years
Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions. Experience in engaging with a broad spectrum of stakeholders including senior executives. Broad business and finance type experience, specifically within the banking sector. Management
 

Additional Information

Behavioral Competencies:

• Adopting Practical Approaches
• Articulating Information
• Checking Details
• Directing People
• Examining Information
• Exploring Possibilities
• Interpreting Data
• Making Decisions
• Providing Insights
• Pursuing Goals
• Showing Composure
• Upholding Standards

Technical Competencies:

• Compliance Audit
• Information Security
• IT Risk Management
• Knowledge of Banking & Financial Service
• Risk Management
• Stakeholder Management (IT)