Cyber Security Specialist at Absa Bank Limited

Job Summary

To provide specialist advice & support in the development & implementation of IT security service delivery processes, methods and techniques enabling secure management & control of IT access, in alignment with governance requirements.

Overall Job Purpose:

To drive IT Risk compliance which ultimately ensures that all the Bank’s management data, processes, risks, and controls are effectively operating. Ensure that all cybersecurity activities and duties are carried out in full compliance with regulatory requirements, Enterprise-wide Risk Management Framework and internal Absa Policies and Standards. Understand and manage cyber security risks and risk events.

Accountability:  60%

• Assessing the risks and exposures related to cybersecurity and aligning to the Bank’s risk appetite.
• Monitoring current and emerging risks and changes to laws and regulations for appropriate actions.
• Collaborating with stakeholders charged with safeguarding the information assets at Absa to ensure appropriate control design and configurations.
• Maintain comprehensive cyber risk registers: Key cybersecurity risks should be regularly identified and assessed. Risk identification should be forward looking and include the security incident handling.
• Ensure implementation of the cyber and information risk management strategy including cyber risk policies and standards.
• Safeguarding the confidentiality, integrity and availability of information asset and Technology platforms.
• Establishing & maintaining a comprehensive inventory of IT assets and classified by business criticality.
• Run the vulnerability management program to ensure vulnerabilities are identified, prioritized, and remediated on time.
• Engage with stakeholders across the Absa Group to motivate and drive remediation of vulnerabilities and identified issues.
• Engage with Project Management teams to ensure all new projects are security assessed and in line with the bank’s cyber security policies and standards.
• Coordinate penetration test, red team and audit engagements with both internal and external assessment teams.
• Respond to Cyber security incidents in coordination with the Group Incident Response and Forensics team.
• Report Cyber security incidents to the regulator as specified in the prudential guidelines

Accountability:  20%

• Implement parameters to measure Cyber risks exposure.
• Monitoring adherence to cyber risks policy & standards to drive remediation measures.
• Reporting all cyber risks consistently and comprehensively to the senior leadership & relevant stakeholders to facilitate appropriate decisions.

Accountability:  10%

• Coordinate Cybersecurity awareness activities across the bank from strategic, technical, and general sensitization.
• Create Cybersecurity awareness circulars for customers.
• Coordinate cybersecurity awareness for the Board members.

Accountability:  10%

• Research on emerging cybercrime trends and gathering threats intelligence for onward sharing.
• Coordinate red team exercises.
• Coordinate penetration testing activities for new and existing applications and infrastructure.

Education and experience required

• B-degree in (Computer Science / Information Technology) (NQF level no.)
• CISSP / CISM / CEH or equivalent certification
• (5) years Technical experience

Knowledge and skills: (Maximum of 6)

• Proficiency with Linux and Windows operating systems
• Network monitoring
• Vulnerability Assessment and Penetration Testing
• Risk Assessment
• Incident Response
• Data Analysis and Reporting

Competencies: (Maximum of 8 competencies)

• Deciding and initiating action
• Learning and researching
• Entrepreneurial and commercial thinking
• Relating and networking
• Adapting and responding to change
• Persuading and influencing