Chief Information Security Officer

Minimum Requirements : 8 to 12 years experienceRelevant post graduate degreeExperience in : Both local and global information securityInformation Security ArchitectureInformation Security AuditAdvisory and ConsultingIT and Cyber-Security ManagementCyber AnalyticsVulnerability ManagementAccess Governance, IT and Security Governance, Data PrivacySystems Risk Management and ICT Compliance ManagementSecurity IntelligenceSecurity Threat and Risk AnalyticsAccess GovernanceThreat and Vulnerability AssessmentSecurity Information and Event ManagementSecurity Architecture, Strategy and Operating ModelsResponsibilities : Responsible for the management of the cyber information security operation.Evaluates and matures cybersecurity procedures and capabilities, enhancing the operating and flow methods of the function.

Leads community consciousness, change and communication projects, and ensure that there is an effective staff training programme to enhance the organisation's security culture.Reviews metrics and reporting for financial and risk management.Prevents significant reputational, financial or other loss to the organisation through the efficient and effective application of cyber information security expertise.

Leads a global approach to adopting cybersecurity best practices through effective collaboration with technical, business and industry forums.To address the risk management of the cybersecurity environment and the definition and maintenance of cybersecurity policy and to contain the organisation's cybersecurity risk profile within acceptable parameters thereby achieving the groups risk appetite and enabling the statutory risk management responsibilities of the the company and the Board.Definition, creation and socialisation of long-term strategic direction and broad strategic frameworks and targets to deliver shareholder value for the companyEnsure that there are appropriate structures, processes, policies, standards, governance and controls in place for effectively managing cybersecurity, and hold stakeholders to account.Determine and procure the requisite budget required to deliver the cybersecurity strategy and manage costs / expenses within approved budget to achieve cost efficiencies.To provide all the relevant stakeholders with the assurance that the identification, management and treatment of cybersecurity risks within organisation's systems are being effectively addressed to minimise operational losses, customer impact, service disruption, regulatory and reputational impact.From time to time, provide training, reporting and other ad-hoc responses to specific requests to company Board and governance committees.To give direction to the introduction of cybersecurity across the company and to ensure that effective systems are in place to support policy requirements by providing business units with an information security consultancy service.To liaise and participate on a high level in the IT architecture board and IT Exco and to get involved in the Systems Development Life Cycle of IT systems at an early stage to incorporate information security as an integral part of the system.Represent the company at regulatory and key industry cybersecurity bodies and play a pivotal role in advancing industry position and direction on key issues without prejudice to the companyTo manage the cybersecurity environment within the company with regard to areas that the organisation manage on behalf of segments, supported by Service Level AgreementsProvide access control mechanisms and participate in the management of company access control to systems through a systems to that performs authentication, authorisation, confidentiality, integrity and availability of data and resources and ensuring that the company is adequately protected against loss of confidentiality, integrity and availability of informationTo ensure that an cybersecurity framework exists for the company and to ensure that Information Security Services has a mandate from executive management to perform its duties.

Ensure that cybersecurity products, both hardware and software, fully support the security strategy and policies of the companyTo manage the cybersecurity investigations and security breaches in the company and assist with group investigations into fraud related mattersMonitor access controls and security violations in the mainframe and midrange environment by monitoring data leakage at gateway and endpoint and ensure that data is secured and monitoring system logs to identify potential threats and for usage in investigationTo identify, define and maintain the cybersecurity policy and base line standards for the company and to implement group information security policies across the company that will determine the necessary standards and procedures exists to support the policy ,and to ensure that all information security risks are minimised and controlled in a manner which satisfies the statutory, business and risk management requirements of the companyTo create a cybersecurity risk awareness program for the company and to ensure that staff are aware of cybersecurity risks and carry out monitoring programs in all areas to identify vulnerabilities, non-compliance and poor performance against base lines by participating.Implementing control mechanisms, which enables I&SS to have a view of the status of cybersecurity To develop and implement an cybersecurity strategy that both hardware and software fully support the cybersecurity strategy and policies Further ensure that the strategy is implemented via action plans supported by operational plans which support statutory, business and risk requirements.Ensure regular groupwide collaboration with the segments and subsidiaries respective cybersecurity leads in building the strategy and plans for cybersecurity.

Execute the Business Unit people strategy that nurtures talent and embraces the values, culture and philosophy of entrepreneurship, accountability and innovation in order to meet current and future business needs.Hold direct reports accountable for the implementation of Leadership Strategy that drive behaviour towards high performance through succession planning, coaching and competency development