Job purpose:

As a Cryptography Specialist for the Cryptography services team within Standard Bank, the function forms part of an integrated global team dedicated to mitigating risks through the efficient and effective application of information security expertise.
This role performs the following activities in order to prevent significant reputational, financial or other loss to Standard Bank and its clients:

Development, provisioning and successful execution of cryptography services for the Group.
Provide technology consultancy services and technical support for the Cryptography environment.
Provide technology consultancy services and technical support for the Certificate and Key Management.
Key responsibilities:

Development, provisioning and successful execution of cryptography services for the Group.

Coordinate shared service offerings from Cryptography Services to its customer base
Contribute to development / maintenance of Cryptography Service Catalogue
Establish and maintain 'fit for purpose' cryptographic technology architectures, working closely with other teams in the security environment i.e. Engineering, Risk and Governance and Service management.
Ensure the confidentiality, integrity and availability of cryptographic and key management services to business functions and applications.
Manage the installation, commissioning and configuration of specialist cryptographic devices.
Ensure maintenance of accurate records of all cryptography components/systems
Ensure development and maintenance of auditable processes to enforce consistency
Collaborate with the Group Operational Risk Officer, Business Information Security Officers (BISOs) and other Group stakeholders to ensure that services offered are relevant, timely, of appropriate quality and cost-effective.
Ensure that declared service levels are being met and provide ongoing support, performance review and mentoring where appropriate.
Escalate need to redirect investment or change practices as needed to mitigate critical risks identified or ensure regulatory compliance
Identify and implement best practices to ensure continuous improvement in quality and relevance of service offerings
Provide feedback to Security Strategy, Best Practice and Planning group on ways to enhance short, mid and long term Information Security Strategy
Participate in the development of new services to be added to the Cryptography Services portfolio
Review & evaluate all security incidents as per security management procedures and take corrective action.
Ensure adherence of Cryptography Services per the Information Security Policies / Guidelines
Establish and Maintain Certificate Authority for the Group.
Report non-compliance & deviations to appropriate stakeholders.
Provide support to the Global Computer Incident Response Team

Provide technology consultancy services and technical support for the Cryptography environment.

Analyse and evaluate all new communication interfaces, and provide secure solutions where required.
Provide technical security consultancy into projects as required.
Provide cryptography system administration & associated auditing for supported environments
Identify business areas requiring increased security controls to protect the organisation and its end users from future incidents of fraud.

Mitigation of Risk:

Demonstrate a strong understanding of the business, operational and risk environment
Conduct regular evaluations of potential threats and model the business risk landscape against the actual security exposures
Recommend security solutions; convince business of the need to implement within an agreed timeframe to mitigate against violations, threats and exposures.
Manage, direct and monitor the implementation of the recommended solutions.
Continuously formally report on status/ progress.


Reporting:

Monitor and report on risks and vulnerabilities with suggested recommendations

Internal and external relationships The role is global in nature and works in matrix between the IT Security team and the Business Information Security Officers.

Requires coordination with executive management, vendors, auditors, and line of business departments to enhance information security.

Requires sound relationships with “control & governance” functions, including Group legal, audit & compliance, Human Resources and heads of functional business units to define responsibilities as they pertain to information security.

Summary of key relationships:

Group Operational Risk Officer
GTO Management team
GTSS Service Delivery Management team
Business Information Security Officers
Business Information Security Teams
Group Financial Crime & Control (GFCC)
Group Audit
Group Legal
Group Finance
Group Compliance
Group Operational Risk
External networks
Development teams
Production support areas
Vendors

Qualifications:

University graduation with a degree in Business, IT or a related subject
Information Security and /or Information Technology industry certification (CISM, CISSP, or GIAC equivalent) strongly preferred.
Appropriate professional accreditation in IT Security
Appropriate professional qualifications / accreditations / experience in Cryptography / Key Management

Knowledge:

Knowledge of domestic and international banking industry
Knowledge of regulatory requirements of home markets (e.g., SARB, UK, Argentina) as well and card association(Visa, MasterCard, etc) standards
Experience with programming on Linux and Windows environments
Demonstrate knowledge of standards associated with the role, e.g. ISO, CobiT, ITIL, etc.
In-depth knowledge on encryption standards and protocols
In-depth understanding of web certificates
Knowledge on cryptographic devices such as Thales HSM and IBM Crypto Coprocessor devices
Proven ability for incident management and software development lifecycles

Experience: Area:

Cryptographic experience within financial services
Proven knowledge and understanding of Certificate Management
Knowledge and experience on Cryptographic hardware device such as Thales HSM and IBM crypto cards
Web and application code developments
Experience working in a multi-vendor and outsourced IT environment