absa2d ago

New

Chief Information Security Officer(CISO)

Absa House - Abtexecutive

OtherInformation Security Officer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Empowering Africa’s tomorrow, together…one story at a time. With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise,

Technical Tools

OtherInformation Security Officer

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The CISO is responsible for developing, implementing, and managing the organization’s information security strategy to protect digital assets, data, and technology infrastructure against internal and external threats. This role ensures confidentiality, integrity, and availability of information systems while aligning security initiatives with business objectives and regulatory requirements.

The CISO provides strategic leadership in risk management, cybersecurity governance, and compliance, fostering a culture of security awareness across the organization. They oversee the design and execution of security policies, incident response plans, and disaster recovery strategies, ensuring resilience against evolving cyber threats. Additionally, the CISO collaborates with technology team, group Security Officer Team (CSO) and executive leadership to integrate security into enterprise architecture for securing business growth, digital transformation projects, third-party engagements to foster a culture of security awareness across the organization to ensure Absa Bank Tanzania is prepared to mitigate Cyber threats effectively.

Responsibilities

~5 min read

→
- →Develop, implement and execute an enterprise-wide information security strategy aligned with business objectives.
- →Advise executive leadership and board on emerging security threats, trends, and compliance requirements.

2. Risk Management

→
- →Identify, assess, and mitigate cyber and technology risks across all business units.
- →Establish and maintain a risk management framework and ensure regular risk assessments.

3. Policy & Governance

→
- →Define and enforce security policies, standards, and procedures.
- →Ensure compliance with relevant regulatory and industry standards (e.g., ISO 27001, GDPR, NIST).

4. Incident Response & Recovery

→
- →Lead the organization’s incident response program, including detection, containment, and remediation.
- →Develop and maintain disaster recovery and business continuity plans.

5. Security Architecture & Operations

→
- →Oversee the design and implementation of secure systems, networks, and applications.
- →Manage security operations centre (SOC) collaboratively with Absa Group Team and ensure continuous monitoring of threats.

6. Awareness & Training

→
- →Promote a culture of security awareness through training and communication programs.
- →Educate employees, customers and other stakeholders on cybersecurity best practices.

7. Vendor & Third-Party Risk

→
- →Assess and manage security risks associated with vendors, partners, and third-party services.
- →Ensure contractual obligations include adequate security measures.

8. Budget & Resource Management

→
- →Develop and manage the information security budget.
- →Allocate resources effectively to support security initiatives.

9. Reporting & Metrics

→
- →Provide regular reports to executive leadership and the board on security posture, incidents, and risk.
- →Define and track key performance indicators (KPIs) for security programs.
- →Facilitate financial sector collaboration and information sharing on matters related to cyber threats.
- →Facilitate coordination during major cyber incidents and crises, ensuring alignment across business, technology, communications, legal, and risk functions

Accountability:

→Formulate an organizational methodology for managing cyber and information security risks.
→Develop and update specific and general work procedures for realizing the organization’s cyber and information security policy.
→Integrate and coordinate all business cyber and information security efforts, including oversight and control of all business units participating in these efforts.
→Create a framework for receiving ongoing and ad-hoc reports from various business units.
→Coordinate cyber and information security activities, including joint exercises with business partners and service providers.

Accountability: Management

→Ensure assessment all cyber and information security risk within the relevant business units is undertaken, in order to analyze, assess and report same to Senior Management:

a) The risk levels are integral to the business's technological and business activities.

b) The controls required to ensure the system’s integrity.

c)The level of residual risk and exposure to cyber and information security threats the

business is willing to accept in implementing these activities.

→Ensure preparation of reports on major cyber and information security incidents to the relevant parties.
→Draw up annual and multiannual work plans, including budgeting, prioritization, and timetables for implementing the assessment processes.
→Prepare and submit annual reports to the Senior Management and Board, detailing the business cyber and information security defense level, weaknesses and vulnerabilities, available countermeasures, and the activities and budgets required to enhance its defenses.
→Deliver high quality report to the respective sub board committees.
→Develop a high performing team by embedding formal performance development and informal coaching. Encourage frequent knowledge sharing between team members.
→Review and monitor the adequacy of cybersecurity resources, including budget, staffing, skills, tools, and technologies, and recommend enhancements to senior management where gaps are identified.

Additional Responsibilities

→Continuously learn and monitor cyber and information security issues by identifying trends, methods and advanced developments in the field while gathering information about emerging attack techniques and ways of dealing with them.
→Form a Cyber-Incident Response Team.
→Analyze cyber and information security incidents that have occurred in Tanzania and worldwide, and assess their potential impact on the business, as well as implement the relevant measures proposed.
→Develop metrics and indicators to assess the effectiveness of cyber and information security systems and procedures.
→Assess regular and ad-hoc business cyber and information security controls.
→Be responsible for collaborating with relevant institutions involved in cyber and information security issues.
→Knowledge Management:
→Improve technical knowledge through self-learning or training including mandatory continuous Professional Education requirements.
→Share knowledge in area of responsibility with the team to ensure that audit activities are planned effectively and completed in line with quality standards and audit methodology.
→Present effectively at stakeholder meetings and forums (eg: Risk and Governance Forums etc.) by sharing knowledge and information, including methodology, standards, changes and new developments, with business stakeholders on an ongoing basis.
→Track findings from internal audits, independent assessments, penetration tests, regulatory examinations and any review related to cybersecurity, and monitor the timely remediation of identified issues;
→Perform all other duties as reasonably assigned.

Risk and Control responsibilities:

→Understand and adhere to the appropriate Absa Policies and Standards applicable to the role.
→Understand and manage risks and risk events (incidents) in the role thereby contributing to the adherence to the Absa Risk and Control Framework.

Complete all mandatory training as required.

Technical skills / Competencies

Competencies:

→Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field; master’s degree preferred.
→Experience: Minimum 10+ years in information security roles, with at least 5 years in a leadership position.
→Certifications: CISSP, CISM, CISA, or equivalent.
→Technical Expertise: Strong knowledge of cybersecurity frameworks, risk management, compliance standards as well as round technology skills such as cloud platforms (AWS, Azure), DevSecOps, and Zero Trust Architecture.
→Leadership Skills: Proven ability to lead cross-functional teams and influence executive decision-making.
→Communication: Excellent verbal and written communication skills; ability to present complex security concepts to non-technical stakeholders, stakeholder influence and crisis communication.

Requirements

~1 min read

Key Performance Indicators (KPIs)

Reduction in security incidents and breaches year-over-year.
Compliance with regulatory and industry standards.
Time to detect and respond to security incidents.
Employee security awareness training completion rates.
Vendor risk assessment completion and remediation timelines.

Able to deal professionally, confidently, and effectively with staff at all levels, internally and externally
Ability to work autonomously
Ability to keep abreast of industry changes in both the business and marketing environments

Able to work under pressure and adhere to strict and tight deadlines on a wide range of tasks
Able to keep abreast of developments in the business and financial services environment
Appreciate changes in technology and delivery channels and their impact on the financial services environment
Occasional Business travel locally and regionally.
Deciding and initiating action
Entrepreneurial and commercial thinking
Persuading and influencing
Creating and innovating

· Staff in own area (manager, subordinates, colleagues)

· [30%]

· Staff outside own area

· [25%]

· Internal customers (other than staff in own area)

· [30%]

· External Customers

· [5%]

· Regulators/Government Agencies

· [10%]

Absa’s Values and Behaviors represent the set of standards which governs the actions of all of us who work for the bank and against which the performance of every one of us in Absa are being assessed and rewarded:

· Trust

· Resourceful

· Stewardship

· Inclusive

· Courage

Education