Information Security Officer – Rest of Africa

Focus of the role
The Information Security Officer (ISO)’s role is to provide information security risk management and cybersecurity expertise to all the RoA markets, including but not limited to, risk analysis, consultancy, best practice guidance and process improvements. The role works closely with project teams, service providers, IT heads, business unit executives and other assurance providers like audit and Enterprise-wide Risk Management to achieve these outcomes. 
The candidate is expected to bring pragmatic Information security experience to promote business outcomes of the RoA markets in a secure manner that meets internal policies and regulatory compliance requirements.
Key result areas

Supports the RoA Lead Information Security Officer in implementing and embedding risk and information security management processes across RoA
Drives the management of internal and external audit issues and third party, system and production risk issues
Fosters a culture of proactive risk management by embedding key processes like risk and control self-assessments, documentation of issues being actioned by management (IBAMs), exposure management and risk remediation
Collaborates with the Information Security Managers, IT executives, business unit management, assurance partners and other stakeholders to promote a positive risk culture and instil confidence regarding the management of IT and Information Security risks
Works closely with the Architecture team, application owners, scrum masters and other stakeholders to embed security and manage risk in the design and implementation of all IT systems and platforms
Participates in the investigation, documentation and resolution of information security issues identified in the markets, working with the local teams
Provides technical assistance to segments requiring subject matter expertise
Manages the RoA issues log and ensures that all risks are identified, captured, assigned appropriate actions and suitable ownership, and are regularly updated with progress statuses
Liaises with project managers, implementation teams and service providers in support of the implementation of Information Security Programme initiatives
Promotes adoption and optimal use of the various security tools deployed across the markets
Assists with interpretation of relevant policies, standards and controls, and provides advice on approaches to meeting the requirements

Qualifications, skills and experience

A tertiary qualification in an IT-related field
An information security-related professional certification will be an added advantage
At least five years’ experience in a similar role. Experience in the financial services sector (insurance/banking) will be beneficial
Good working knowledge of security technologies covering intrusion detection and prevention, anti-malware, vulnerability management, cloud access security, attack surface management and extended detection and response
Strong analytical and problem-solving skills

Competencies

Strategic
Leading with Influence
Collaboration
Customer First
Execution
Innovation
Personal Mastery

Apply via :

oldmutual.wd3.myworkdayjobs.com