Senior Cyber Security Assurance Specialist

Empowering Africa’s tomorrow, together…one story at a time With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group Job Summary The Senior Cyber Security Assurance Specialist will be responsible for the execution of the cyber security assurance strategy. Through threat modelling and risk assessment, the specialist will be responsible for guiding the security testing and assessment of Absa’s systems, networks, and applications. The specialist will facilitate real-world cyber-attacks on the Absa network environment to assess its security posture to identify risks and vulnerabilities within the network environment. Furthermore, the specialist will be required to perform cyber security assurance testing as planned in the yearly assurance book of work. The specialist will also be required to work closely with stakeholders at different levels to understand their security needs and contribute to the overall improvement of the bank's cybersecurity profile. A proficient understanding of cyber security principles is required as the specialist will serve as an SME to various stakeholders on cyber security matters which affect their business environments. Furthermore, proficient reporting and verbal communication skills are essential for communicating the identified cyber security issues to both the technical and business stakeholders Job Description Accountability: Security Testing

• Formulate the annual cyber security assurance book of work as part of the combined assurance plan with the various stakeholders.
• Work closely with the business and tech stakeholders to risk assess and threat model the business environment as part of the scope definition phase of penetration testing.
• Collaborate with the broader Absa Technology Risk Assurance team to perform cyber security assurance reviews.
• Understand the organization's cyber security capabilities as part of SME discussions.
• Keep abreast of the latest cyber security developments to maintain SME skills.

Accountability: Reporting

• Document and socialize the cyber security assurance memorandum to stakeholders.
• Reword the technical penetration test results into business-friendly terminology for the senior business stakeholders.
• Socialize the cyber security assurance reports to the relevant stakeholders at various levels.
• Solicit and assess the feedback from business and technical stakeholders on possible remedial actions to the cyber security assurance issues.
• Provide the required cyber security assurance related information to the combined assurance coordinator for various committees when required.

Accountability: Vendor Management

• Ensure vendors are onboarded timeously to avoid delays in the execution of the security testing.
• Manage the vendors throughout the security testing to ensure delivery on the agreed scope, quality and timelines.
• Serve as the escalation point in the event of any challenges during security testing.

Accountability: Stakeholder Management

• Build effective working relationships with key stakeholders (including CIOs, Chief Security Office team, and risk managers).
• Hold regular communication sessions with relevant stakeholders (including CIOs, Chief Security Office team, and risk managers).
• Provide cyber security SME services as and when required by stakeholders.

Accountability: Financial Management

• Allocate funds to vendors based on the assigned book of work.
• Ensure purchase orders are allocated to the vendors for the work performed.
• Ensure vendor invoices are processed correctly and on time.
• Monitor expenditure against the overall available budget.

Accountability: Issue Management

• Collaborate with vendors, CIOs, Chief Security Office team, and risk managers to remediate the identified risks and vulnerabilities.
• Perform cyber security assurance issue validation as per the issue management standard.

Accountability: Governance

• Contribute to the definition and maintenance of all processes and standards related to cyber security.
• Support in the development and maintenance of security testing programmes.
• Uphold all documents relevant to the assessment on the allocated system.

Education and experience required

• Bachelor’s degree in Information Systems or related field.
• Professional certification such as CISSP, CISM, OCSP or any other related security qualification is advantageous.
• Previous working experience as a Penetration Tester is advantageous.

Education Bachelor`s Degrees and Advanced Diplomas: Information Systems (Required) Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank. Absa Bank Limited reserves the right not to make an appointment to the post as advertised