REQ 136716
Location: Johannesburg
Job Family
Risk, Audit and Compliance
Auditing
Manage Self Professional
FAIS Affected
Job Purpose
To perform assurance activities in the form of control reviews and risk assessments on various cyber elements in the bank,
Collaborate with other functions in the bank to execute on the cyber resilience programme.
Job Responsibilities
• Be a cyber security subject matter expert for the bank by providing expert advice on all aspects of cyber security risk management.
• Build and maintain professional relationships by information sharing and professional networking within the bank.
• Build and maintain internal stakeholder relationships through collaboration with stakeholders and regular communication via various media.
• Assist with coordinating group wide cyber-resilience risk and control assessments in line with the group's risk management frameworks.
• Analyse data to form a repeatable, defendable opinion.
• Identify, develop and enhance policies, standards, procedures and guidelines and drive implementation and compliance throughout the group.
• Maintain a view of current cyber-resilience threats and trends globally by conducting research.
• Support the achievement of the business strategy, objectives and values by ensuring delivered systems, process, services and solutions are aligned.
• Identify training courses and career progression for self through input and feedback from management.
• Ensure all personal development plan activities are completed within specified timeframe.
• Share knowledge and industry trends with team and stakeholders during formal and informal interaction.
• Obtain buy-in for developing new and/or enhanced processes (e.g. operational processes) that will improve the functioning of stakeholders' businesses by highlighting benefits in support of the implementation of recommendations.
• Seek opportunities to improve business processes and systems by identifying and recommending effective ways to operate and adding value to Nedbank.
Essential Qualifications - NQF Level
Preferred Certification
• Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Minimum Experience Level
- 3 +years of audit/risk management experience specific to cyber and/or information security.
Types Of Exposures
• The candidate should have experience in cyber risk management as well as the testing of cyber controls.
• Exposure to cyber risk frameworks such as NIST cyber framework, NIST standard, ISF, ISO27001/2, FFIEC.
• Passion for Cyber.
• Eager to learn.
• Ability to work with people outside of the direct team in order to achieve objectives.
• Ability to create and present reports to various stakeholders.
Technical / Professional Knowledge
- Audit reporting
- Audit standards and practices
- Banking knowledge
- Governance, Risk and Controls
- Ethics and Fraud
- Reputational risk management
- Information technology
- Business writing skills
- Regulatory, Legal and Economics Principles
- Business Acumen
- Managing Work
- Monitoring Information
- Building Partnerships
- Quality Orientation
- Work Standards
- Courage
#J-18808-Ljbffr