The primary objective of this position is to realise the responsibilities of the Prudential Authority (PA) in respect of the supervision and regulation of information security and cyber in regulated entities. The successful candidate will be involved from an information security and cyber governance perspective and operationally will be responsible for on- and off-site analysis.
The successful candidate will be responsible for the following key performance areas:
- To identify methods and processes of improvement in the areas of information security and cyber risk supervision across the financial sector, i.e. banks, insurance entities and financial market infrastructures.
- To develop cyber regulatory instruments / frameworks / standards / directives and guidelines for adoption across the industry.
- Apply appropriate analytical techniques, methodologies and technologies to meet the research objectives.
- Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk.
- Liaise with key internal and external stakeholders regarding current and developing cyber threats.
- Identify, collect, collate, analyse and document cyber security threats to the financial sector using threat intelligence information from multiple sources internally and externally.
- Plan and prioritise work in conjunction with team leads and other stakeholders.
- Conduct ongoing research into legislative and best practice cybersecurity requirements.
- Review risk and threat information in order to identify applicable gaps in the industry.
To be considered for this position, candidates must have:
- a relevant degree (NQF 7) in information security, information technology or an equivalent qualification; and
- at least five to eight years’ working experience in an information security or cybersecurity governance environment in the financial sector.
The following would be an added advantage:
- Relevant security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Control (CRISC) or Certified Information Systems Auditor (CISA).
The following job-related knowledge and understanding is required:
- Solid knowledge of risk management, compliance and information security governance.
- Exposure to cyber risk frameworks.
- Knowledge of financial sector regulations.
- An understanding of the key issues and risks facing financial institutions registered in South Africa and related entities, with a specific focus on cyber.
- Knowledge of, and experience in, the financial system, financial products, and risk models and systems.
- Knowledge of international standard-setting bodies such as Basel, IAIS and CPMI-IOSCO.
- Knowledge of the relevant cyber management practices and standards.
- Understanding of cyber risk trends.
- Knowledge of leading information security best practices.
The following job-related skills and attributes are required:
- problem solving and analysis;
- business acumen;
- strong verbal and written communication;
- planning and organising;
- effective time management skills;
- competence in information technologies;
- influencing, building and maintaining relationships; and
- reliable own transport, as the position requires regular travel between the PA’s offices in Pretoria and the offices of regulated entities, which are generally outside Pretoria.