Information Security And Data Privacy

Job Summary

The job holder will be a member of the Information Risk Management Team responsible for implementing the Logical Access Management & Data Privacy guidelines across country. The primary function of the role is to ensure information is protected effectively and consistently with its criticality.

Job Description

ccountability: Logical Access Management, IT Security & Data Privacy: – (40%)

Outputs:

• Oversee and support the country Information Risk Managers.
• Assisting the IRM team with identifying appropriate mandates/role profiles for employees, contractors and vendors.
• Establishing a process that maintains roles through movements of individuals (joiners/movers/leavers).
• Identifying Toxic Combinations and Segregation of Duties
• Security Violations Monitoring process.
• Embed EM Logical Access Management & Data Privacy Standards and procedures.
• Ensure that LAM & DP policies and standards are embedded in all unit via performing regular snap checks.
• Work with Local IT in ensuring new applications roll out to ensure it is complying with LAM policy requirements.
• Reviewing and complying to Data Regulation Laws and Regulations impacting on Data Privacy and Security.
• Providing LAM and security reports.
• Participate in localisation and review of standards and policies.
• Conduct IT Security induction sessions for new joiners
• Conduct continuous IT security refresher awareness sessions.

Accountability: Cyber & Risk Management and Governance: -(50%)

Outputs:

• Ensure manual schema reviews for on boarded and non-onboarded applications are completed timely.
• Ensure business continuity management activities are completely conducted in a timely manner for the function.
• Ensure Privileged and non-privileged Certifications for on boarded and non-onboarded applications are completed timely.
• Ensure Open work items are remediated timely (Rogue, inactive and uncorrelated
• Ensure snap checks are distributed and completed timely (Monthy, quarterly and yearly).
• Ensure Minimum control requirements (MCRs) are completed and submitted timely.
• Engage with local IT Security and System Administrators regarding Logical Access issues.
• Coordinate and prepare packs for monthly Digital Risk Control Forum sessions timely.
• Participate in the running of the in-country Data working group (DWG).
• Ensure continuous tracking and coordination of remediation for End of life/ End of Support infrastructure.
• Continuously track and monitor and report on vulnerabilities management.
• Ensure the coordination and closure of penetration test findings.
• Participate in all meetings related to my work and the function.
• Ensure complete issue management using the bank’s issue management systems.
• Collaborate with other team members within and out of the function to respond to incidents until closure.
• Support the business all cyber related incidents and activities.
• Engage with Branch Managers, Team Leaders etc to ensure effective user recertification process.

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Absa Operational Risk Framework and internal Absa Policies and Standards

Accountability: Leadership: – (10%)

Outputs:

• Live Group behaviours and inspire others in working together to achieve the strategic vision.
• Pursue your own development to increase personal effectiveness, acknowledging strengths and areas of development.
• Attend/complete assigned trainings

Education

Further Education and Training Certificate (FETC): Business, Commerce and Management Studies (Required)