INFORMATION SECURITY OFFICER – DURBAN

Al Baraka Bank
Job Overview

CORE PURPOSE OF THE JOB
To fulfil the bank’s obligations in terms of Information Security as highlighted by external audit as well
as regulators. To provide assurance that information security and IT related risks are controlled within
acceptable levels in the organisation. To monitor information security systems, policy development, IT
risk management, implementation and enforcement of security controls together with ongoing
research. Information Security as a segregated function is necessitated in the context of the bank’s
environment.

KEY PERFORMANCE AREAS
 Define & Establish Security Organisation and Security Infrastructure relevant to ABL’s
environment.
 Identify and implement mitigating control measures which cuts across all areas where
information is created, processed, transmitted and archived.
 Develop and maintain ABL information security policies, procedures and guidelines in line with
prevailing governance and security frameworks.
 Encourage ABL compliance at an organisational level in respect of the conditions for the lawful
processing of personal information;
 Assess internal / external Audit security observations with supporting details of corrective
actions, mitigating factors and preventative measures as appropriate.
 Ensures that the Bank complies with PAIA and POPI: Risk Assessment frameworks.
 Deals with requests for access to information from third parties incorporating receipting,
processing and determining whether access to information held by the bank should be given to
such third parties;
 Monitor compliance with information security policies, procedures and standards.
 Approve firewall changes and remote access requests.
 Evaluate changes in asset base and resultant security implications at least twice a year.
 Maintain Security Registers for recording, tracking, follow up and reporting purposes.
 Lead the Management Security Forum and the Incident Response Team.
 Prepare reports and recommendations to Security Committee in respect of security
incidents/events, outcomes and follow up progress.
 Act as official ABL point of contact information security, privacy and copyright infringement
incidents, including relationships with law enforcement agencies.
 Assess Security components in respect of new and existing applications, utilities or programmes
that are acquired to ensure conformity with information security standards and best governance
practices.
 Review, Acquire and Implement appropriate Software and/or Appliances for the purpose of
monitoring information security and related standards.
 Ensure continuity threats and vulnerabilities are assessed on a regular basis and incorporated
into the relevant risk assessments (bi-annually or more frequently if warranted by prevailing
circumstances).
• Keep abreast of latest security and privacy legislation, regulations, security alerts, threats and
vulnerabilities relevant to ABL.
• Consult and advise on general information security issues
• Co-ordinate the development and delivery of training and awareness programs for ABL personnel
to develop security skills for staff at an organisational-wide level.
• Provide training/ awareness sessions to employees regarding security of information;
• Management reporting required for Executive, Risk, Audit and Board Committees as required
from time to time.

PREFERRED QUALIFICATIONS
• Relevant degree, diploma or equivalent qualification in Commerce/Computer Science or other
applied sciences.
• Professional information security qualification (e.g; CISSP, CISO, CISM, CISA)
• MCSE/MCSD Certification would be advantageous
• Certificate in MS Office suite of applications.
• Certificate in use of CAAT tools.

PREFERRED EXPERIENCE
• 2-3 year’s relevant experience in information security or related field (preferably across multiple
areas of IT and Risk) within a similar environment with demonstrated experience in personnel/3rd
party security.
• 2 – 3 years’ experience in Systems & Network Security operational environment would be
advantageous.

SKILLS REQUIRED
• Good interpersonal skills.
• Communication and liaison skills
• Good understanding of IT and IT Security Management
• Information Security Strategic Planning
• Organisational skills and capabilities
• Ability to work under pressure and meet deadlines.
• Ensure upholding of Code of Ethics
• Display high moral standards and personal ethics.
• Analytical and problem solving ability

KNOWLEDGE REQUIRED
• Extensive Knowledge of Information Security in line with ISO/COBIT.
• Knowledge of Global Security Standards and best practices insofar as Information systems &
technology is concerned.
• Knowledge of the Banking Systems, ERP Systems, and Electronic banking systems.
• Knowledge of Global Hardware & Software systems and Server/End-user applications.
• Knowledge of Network Architecture, Design, Composition & Standards (Routers, Servers
• An understanding and knowledge of a Banks Policies and Procedures.
• Knowledge of company’s Code of Business Conduct.
• Full understanding of Regulatory, Board & Executive Management reporting requirements.
• Knowledge or Auditing and Risk Management techniques

Please send your CV to hr@albaraka.co.za

Job Detail
Shortlist Never pay anyone for job application test or interview.