Cyber Security & Information Risk Specialist

Empowering Africa’s tomorrow, together…one story at a time.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The job holder will be a member of the Converged Security Office (CSO), responsible to assist in implementing Information Security, Cyber Security, Resilience and Records Management solutions for Mauritius.
The primary function of the role is to ensure that the Bank complies with all Cyber Security, Information Security, Resilience and Records Management requirements from the Group policies.
Additionally, the job holder will assist the Manager to deliver on the CSO strategies and deliverables, both at in-country and ARO level.
The job holder will be involved to deliver on the following areas:
• Raising awareness on Cyber Security, Information Security, Resilience and Records Management across the Bank.
• Ensuring controls as per Group policies and standards are enforced within the Business to ensure information is protected effectively and consistently as per its classification.
• Assist the Manager in delivery of audit, regulatory and governance requirements.
• Assist the CSO team in performing security risk assessments for new projects and initiatives.
• Assist the Manager to build and implement Cyber & Information Security strategies.
• Assist the Manager with Records Management and digital initiatives.
• Assist the BCM Specialist to build & implement Resilience strategies for the Bank.
• Prepare MIs / Reports and ensure timely reporting to Group, Internal committees, Board and Regulators.

Job Description

Cyber Security & Information Risk

• Operate as a direct report to the Manager, working closely with all stakeholders to build and maintain effective relationships between the CSO Team and local business areas.

• Continuously develop and implement Cyber Security, Information Risk & Resilience capabilities in line with needs and expectations of the business.

• Find, share, and implement best practices for Cyber Security, Information Risk, Resilience, Records Management and Data Privacy.

• Be a custodian of Cyber Security, Information Risk, Resilience and Records Management in Absa Mauritius and across the group.

• Assist the CSO team & business in promoting Absa as a secure organisation to do business with, embedding Cyber and Information Risk Management into the local culture.

Third Party Management

• Assist the Manager to carry out Cyber Security and Information Risk due diligence on new 3rd Parties and suppliers.

• Ensure applicable supplier obligations with regards to Cyber Security, Information Risk, Resilience and Records Management are included in the contractual agreements.

• Ensure a duty of care is provided for data and assets in line with Supplier Control Obligations.

• Ensure risk is managed and mitigated in accordance with policy and governance, and that regular reviews of risk are provided.

• Assist the Manager to perform necessary due diligence for cloud solutions and ensure regulatory compliance.

• Accompany the Supplier Relationship Managers (SRM) during visits to provide guidance and best practices on security aspects.

Logical Access Management (LAM)

• Assist the Manager to identify appropriate mandates / role profiles for employees, contractors, and vendors.

• Assist the Manager to establish a process that maintains roles through movements of individuals (joiners/movers/leavers) and assist the business to adhere to the processes in place.

• Assist the Manager with monitoring adherence and violation of mandates, for example unauthorized system access.

• Ensure that identified in-scope applications meet all requirements of the LAM standards.

• Maintain an awareness culture on LAM and strict adherence to LAM Standards.

• Ensure that recertification of user access is performed as per defined timeline.

• Assist the Manager to establish and maintain a process that maintains roles through movements of individuals (joiners/movers/leavers).

• Engage with Group teams to automate provisioning of user access.

Records Management

• Implement and embed the controls on Records Management as mandated by the Group policy and standards.

• Implement paperless initiatives across the organisation.

• Engagement with business functions to promote the use of digital technologies and be less paper based.

EUDA (End user Developed Applications)

• Assist the Manager to embed the EUDA processes in business, ensuring the business is adhering to the Group policy and standards.

• Perform regular checks across the business to identify gaps in their EUDAs and assist the business to remediate those gaps.

• Provide awareness and training on how complete the EUDA assessment and how to adhere to the controls as per the EUDA Standard.

• Engage with business to obtain their EUDA inventory and provide consolidated report to Group.

Information Classification and Handling

• Assist the Manager to implement and maintain the Group policy and standards to ensure business is correctly classifying and handling their records as per the group’s classification matrix.

• Provide assistance and ensure that business maintain a List of Records with regards to data classification, access controls and retention policies.

Education and Awareness

• Provide education and awareness training programme for Cyber Security, Information Risk, Records Management and Data Privacy within the business.

• Engagement with CSO teams & 3rd Parties during Absa Security Month events to organise awareness and training to colleagues.

• Provide ad-hoc training on Cyber Security, Information Risk, Resilience, Records Management and Data Privacy to business as per their request.

Data Leakage Prevention

• Maintain Data Leakage prevention through all identified channels across the organisation.

• Assist the Manager to devise and implement plans and system to manage confidentiality and privacy of information held within the Bank.

• Devise and implements new DLP rules and logic to protect the Bank from data leakages.

Risk and Control Governance

• Collaborate with the CSO Team, Technology Team and ARO teams to maintain Key Indicators at an acceptable threshold. Assist in remediate any indicator which is outside of threshold.

• Assist the Manager to perform risk assessment on Cyber Security, Information Risk, Resilience and Records Management on a regular basis.

Mandatory Risk and Control Objective

• Ensure all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and Internal ABSA Policies and Policy Standards.

• Understand and manage risks and risk events (incidents) relevant to the role.

Resilience

• Assist the Manager and the BCM Specialist to carry out Business Continuity simulation testing across the bank.

• Assist the BCM Specialist to engage with business to update and maintain BCM plans and contact details of stakeholders.

• Actively engaged to provide support to the business during a crisis or disruption of business.

• Participate to develop strategies in terms of resilience and new ways of working.

Reporting

• Prepare the monthly, quarterly, and annual MIs/reports which are submitted to Group, Internal committees, Boards and Regulators.

• Timely completion of required reporting ensuring all deliverables for Absa Mauritius is effectively closed.

Other relevant information

• Provide advice and guidance on Cyber Security, Information Risk, Resilience and Records Management to both business and Technology. Must be able to implement, drive and monitor initiatives and small projects within the CSO Team.

• Must be able to work without supervision and be able to implement initiatives and changes.

• Perform on tasks assigned by the Manager.

• Participate and support the implementation of strategic initiatives.

Role/Person Specification

Preferred Education

• Degree in Information Technology related field / Professional Certification in Information Technology or Cyber Security (ISACA certified or ISO 27001 certified)

Preferred Experience:

• At least 5 years’ experience in an Information Technology related field or 5 years’ experience in Cyber Security or Information Risk.

• Working experience in a financial institution dealing with Cyber Security, Information Risk or Business Continuity Management would be an advantage.

Knowledge & Skills:

• Good understanding of the Cyber Security/Information Risk best practices.

• Good understanding of Cyber Security Frameworks (NIST / ISO)

• Good understanding of IT Security requirements for applications used by Financial Institutions.

• Must be up to date with market techniques and tools for the safeguard of information.

• Familiar with Regulatory requirements on Cyber Security, Tech Risk and use of Cloud services.

Technical Competencies:

• Must have exposure to Vulnerability Management and Penetration testing.

• Must have good knowledge of IT Infrastructure, Applications and Database Security requirements.

• A good understanding of data encryption and data pseudonymization.

• A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.

• Must be conversant with controls on Cloud infrastructures.

• Must be conversant with IT Change Management Process best practices.

• Knowledge on business products to enable an effective review of various areas in Operations and Technology and effectively identify risks and controls.

• In depth knowledge of information classification and handling requirements.

• Exposure to Cybersecurity and information security projects.

Behavioral Competencies:

• Must be able to speak and present in front of a large audience.

• Team Player and solution driven.

• Must be able to engage and manage senior stakeholders of the organization.

Education

Higher Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)