Business Information Security Officer

Empowering Africa's tomorrow, together...one story at a time. With over years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

The Business Unit Business Information Security Officer (BISO) is responsible for integrating cybersecurity measures into the business unit's strategy, ensuring that information security initiatives align with and support its specific goals. The BU BISO acts as a bridge between the central security function and business unit leadership, providing expertise on risk management, compliance, and data protection within the unit's unique operational context. This role involves implementing security policies, conducting risk assessments, and managing security incidents to safeguard the unit's information assets.

• Bridge the gap between business operations and IT security, acting as a liaison and translator between technical security teams and business units to align security initiatives with business objectives and risk appetite.
• Implement and maintain information security policies and procedures, developing and enforcing policies, standards, and procedures aligned with industry best practices and regulatory requirements.
• Conduct risk assessments and business impact analyses, identifying, assessing, and prioritizing information security risks and developing mitigation plans.
• Oversee security awareness and training programs, developing and implementing programs to educate employees on security best practices and promote a security‑conscious culture.
• Collaborate with IT security teams to ensure technical security controls are implemented effectively and aligned with business needs.
• Monitor and respond to security incidents, assisting in investigation and response to contain and remediate threats.
• Manage third‑party security risks, assessing and managing risks associated with third‑party vendors and partners.
• Ensure compliance with regulations and standards such as GDPR, HIPAA, PCI‑DSS, and ISO; maintain compliance and report on security posture and KPIs to senior management.

Relevant Bachelor's degree in Information Security, Computer Science, or a related field.

Industry certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).

8 years in the information technology or related field, including 3 years in IT Project Management.

• Information Security Frameworks and Standards: ISO, NIST Cybersecurity Framework, COBIT.
• Risk Management: Conducting risk assessments, business impact analyses, and developing risk mitigation plans.
• Security Policies and Procedures: Ability to develop, implement, and enforce information security policies and procedures.
• Incident Response: Understanding of incident response processes and procedures.
• Data Privacy and Protection: Knowledge of data privacy regulations and best practices for protecting sensitive information.
• Third‑Party Risk Management: Experience in assessing and managing security risks associated with third‑party vendors and partners.
• IT Security Technologies: Familiarity with key IT security technologies such as firewalls, intrusion detection systems, and vulnerability scanners.

Bachelor’s Degrees and Advanced Diplomas : Physical, Mathematical, Computer and Life Sciences (Required).

Absa Bank Limited is an equal opportunity, affirmative action employer.

In compliance with the Employment Equity Act 55 of
Preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised.