• Bachelor’s degree in Computer Science, Information Systems, Computer Engineering, Systems Analysis or a related discipline (NQF Level 6).
• Information Security Certifications such as Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager (CISM) is advantageous.
• Minimum 7 years’ experience leading the information security system office and applying information security, risk management and privacy practices
• Minimum of 7 years practical experience designing and implementing enterprise information technology security
• Minimum of 7 years of practical experience working with information privacy and security laws (such as PCI-DSS, and data breach reporting laws), generally accepted information security principles, and accepted industry practice.
• Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Experience working with the Security Regulation
• Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Very strong business analysis skills, problem solving techniques, and follow-up
• Knowledge of national and international regulatory compliance and frameworks such as SOX, BASEL (xx), and PCI DSS
• Leading the information security team, responsible for establishing and maintaining Postbank information risk management program.
• Develop and articulate a shared vision for a “best in class”, Information security program to ensure information assets are adequately protected and Partnering with SAPO IT.
• Responsibilities include identifying, evaluating, protecting against and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of Postbank.
• This position serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customers, business partners, employees and business information in compliance with Postbank information security policies.
• Chair the Postbank technology Risk Committee, that brings together key security and risk stakeholders to develop and review Postbank enterprise security and risk strategies
• Develop, publish and maintain comprehensive information security standards, policies, procedures and guidelines.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Postbank.
• Ensure the effective and efficient management and control of functions/resources in accordance with the stipulations of the Public Financial Management Act, fraud prevention and risk management principles, legislation, company policies, processes, regulations.
• Manage performance of direct repartees ensuring agreement of annual goals, measuring performance against agreed goals and dealing with non-performance accordingly
• Talent management of direct reports, including career development and paths for all staff