(936) Chief Information Security Officer – BSTD needed at South African Reserve Bank

Detailed description

The successful candidate will be responsible for the following key performance areas:

• Develop, review, update and oversee the execution of the SARB’s cybersecurity information strategy.
• Establish, lead (i.e. develop functional plans aligned to the SARB and departmental strategy) and oversee the day-to-day operations of the CISU.
• Define cybersecurity policies, standards and procedures and ensure the SARB complies with these.
• Oversee and monitor the capability to proactively anticipate and detect threats to the SARB Group’s information and supporting systems.
• Oversee the proactive identification of security vulnerabilities in the SARB Group’s information systems, security architecture and security governance.
• Ensure the containment and mitigation of threats and vulnerabilities through the implementation of the SARB Group cyber and information security governance processes, architecture, procedures, policies, standards and awareness initiatives.
• Ensure an effective and efficient security response by overseeing the implementation of appropriate cyber and information security capabilities, including but not limited to endpoint security; network security, security information and event management; and security orchestration, automation and response, and by coordinating Cyber Security Incident Response Team (CSIRT) investigations and providing recommendations for improvement.
• Develop, implement and monitor staff training and awareness campaigns.
• Advocate for the application of sound cyber and information security practices at an institutional and individual level.
• Establish and maintain strategic stakeholder relationships with relevant board committees and individuals in the SARB and with its subsidiaries.
• Facilitate cooperation across the financial industry to prevent and mitigate cyber threats and, if necessary, chair/support an industry CSIRT to restore services to the industry.
• Facilitate cooperation, strategy and standards across Southern African Democratic Community central banks to prevent and mitigate cyber threats in the region.
• Facilitate (through chairing, where necessary) cooperation with international financial institutions (i.e. other central banks, the Bank for International Settlements and the International Monetary Fund) and participate in the Operational Security Situational Awareness Technology Group.
• Participate in the Brazil, Russia, India, China and South Africa (BRICS) cyber working group, leading the group approximately every five years.
• Ensure that the SARB is continuously compliant with legislative and regulatory requirements relating to cyber, privacy and information security, and update and implement identified standards and best practices (either in own team or through other internal teams).
• Ensure that cyber and information security risks across the SARB are identified and assessed and that mitigating actions are implemented and monitored.
• Define, implement and monitor a data protection strategy.
• Provide thought leadership on all aspects of cyber and information security to all stakeholders, including the SARB Board of Directors, the Governors’ Executive Committee and various subcommittees
• Manage the performance and development of direct reports and employee coaching and mentoring, and promote and support career management and development within the CISU.

Qualifications

Job requirements

To be considered for this position, candidates must be in possession of:

• an Honours degree in Business Management, Information Technology (IT) or an equivalent qualification; 
• advanced certification covering cyber/information governance and cyber/information security, including but not limited to Cyber Information Security Manager, Certified in Governance for Enterprise IT, Certified Information Systems Security Professional, Information Systems Security Architecture Professional/Engineering Professional/Management Professional, and/or an equivalent certification; and
• a minimum of 10 to 12 years’ experience in a cyber and information security-related field, with a minimum of 5 years’ experience in managing teams.

The following would be an added advantage:

• privacy certification; and
• a Master’s degree or an equivalent qualification in a related field.