Information Security Officer – Investment Management
Rory Mackie & Associates
Cape Town, South Africa, Western Cape, ZA
5d ago

The Information Security Officer will implement selected cyber information technology security initiatives with the information technology lines of business to protect their applications and supporting infrastructure from both internal and external threats.

Assists in the management of risks and ensures compliance with regulatory requirements regarding information technology security.

Ensures the appropriate use of assets and educates employees about their information technology security responsibilities.

Assesses and records risk findings and recommends appropriate mitigating controls and plays an enablement role to support IT with risk remediation efforts.

Key responsibilities:

  • Ensure that conditions for lawful processing of personal information and measures set out in POPIA are complied with
  • Ensure that a manual and compliance framework is developed and updated, monitored, maintained, and made available as prescribed by POPIA
  • Participate in the Group Information Security Programme (GISP), giving regular feedback to the Cluster Manco on Group-wide information security issues as part of KPIs.
  • An action plan is required to implement these initiatives in the Cluster with regular reporting to the GISP PM on progress

  • Participate in Group Policies, Standards, Procedures, Guidelines (PSPG) Committee and Group Policy reviews and drive the implementation of Group and information security policies in their Cluster.
  • Review and respond to PSPG requests within the agreed time, and participate actively in the Information Security Forum

  • Keep the Businesses updated on their regulatory responsibilities and advise Business Entities of their obligations under the relevant regulation laws
  • Identify requirements for additional Information Security policies or standards applicable to the Cluster as well as perform risk assessments that identify gaps in the existing policies.
  • Adapt policies for the Business and agree the adaptation with Group where required

  • Tailor and develop additional policies or supporting standards, applicable to the Cluster only
  • Ensure that governance processes required to implement PSPGs and Privacy processes are documented and implemented
  • Document processes and artefacts that evidence the governance process was implemented
  • Design a document that specifies the controls to be implemented with documented actions, roles and timelines for Information Security policy standards and guidelines
  • Facilitate process reviews to ensure that policies are implemented
  • Address all requests and complaints related to Data Protection Laws made by the Business Cluster's data subjects
  • Work with all relevant regulators, Group Technology, the Group Compliance Office, ISO and the Group Information Officer in relation to any ongoing investigations
  • Provide input to the Group Technology Cyber Security Committee (GTIGCSC) regarding security awareness campaigns, and act as the Cluster's coordinator for Group Security information security and privacy awareness campaigns
  • Using Risk Assessments, identify the opportunities or needs for more specific awareness or specialized training actions that are required for the Cluster on privacy and information security
  • Create, or facilitate the creation of, and distribute specific awareness materials on security, privacy, data and policies.
  • The Cluster should have an annual awareness training plan that ties in with Compliance and the GTIGCSC Awareness plan

  • Act as the interface to the Cluster when any decisions must be made about logical access on business applications and business data with the responsibility for review of access to business applications.
  • This will form part of a monthly progress reporting on the resolution of issues that were identified during the reviews

  • Assist GTI in performing logical access reviews on centrally managed systems as well as resolve logical access related audit findings for the business applications within the Cluster
  • Act as the primary contact between the Cluster and Group Technology Cyber Security Incident Response Team (GTISIRT) and report information and cyber security incidents
  • Manage the resolution (action plan) to address root causes in the Cluster in relation to cyber security as well as to ensure that all key stakeholders in the Cluster are aware of the process to follow when an incident occurs, and how to log the incident within the formal process
  • Implement the processes to identify information security and privacy risks with determining ownership of such risks and maintaining a risk register
  • Facilitate the process to analyze and evaluate the risks, involving the Business Owners and Deputy Information Officers in agreeing the severity of the impact with the Businesses
  • Facilitate the process to agree actions, timelines, and resources to mitigate the privacy and security risks
  • Work with Audit to ensure that privacy and security issues are assigned to the correct owners, track the progress of audit items resolution as well as keep Manco informed on progress of implementation
  • Direct Pen Tests requests and requests for cloud services to GTIGCSC
  • Identify trusted information sources and stay up to date with events and threats happening in the information security industry
  • Evaluate new potential solutions and ensure that security is addressed in Business Cases, requirements, design, development, and stages.
  • Ensure that the solution integrates with existing processes in the Cluster and broader group

  • Document security standards and patterns based on Group-agreed best practices, and provide non-functional security requirements by ensuring that security roles, auditing and data protection are monitored and aligned to the relevant policies for secure development practices
  • Review system design, perform and facilitate application security testing for secure development practices
  • Manage the resolution of vulnerability management issues that were assigned to owners in the Cluster for Infrastructure Security
  • Approve system hardening baselines; facilitate the Cluster's approval of requests from GTI to accept risks; and review and approve security standards proposed by GTIGCSC for Infrastructure Security
Minimum requirements:

  • Degree / Diploma with required certification
  • 6-8 years' related experience
  • Investment and financial industry experience will be an advantage