Business Information Security Officer (BISO)/Cluster Privacy Representative



Johannesburg, ZA

Date:  25-Nov-2021

Job ID


Job Family

Risk, Audit and Compliance

Career Stream

Operational Risk

Leadership Pipeline

Manage Self: Professional

Job Purpose

To develop and monitor the implementation of the Operational Risk Management Framework in Nedbank and its subsidiaries to comply with regulatory requirements and ensure alignment with international best practice.

Job Responsibilities

  • Deliver on the Group Operational Risk Management (GORM) strategies and annual business plans aligned to regulatory requirements (BASEL, Banks Act) and take corrective action, where necessary.
  • Provide input into the enhancement of the Operational Risk Management Framework (ORMF), methodologies, policies and processes.
  • Improve the effectiveness and relevance of internal and external loss operational risk data.
  • Review outcome of operational risk practices of stakeholders.
  • Monitor and analyse major operational risk losses and control breakdowns.
  • Identify regulatory changes and potential future operational risk impacts.
  • Compile and/or provide input into internal operational risk reports and external disclosures.
  • Engage with stakeholders to obtain an understanding of their operational risk practices to contract, manage and meet expectations.
  • Develop and maintain partnerships with stakeholders to facilitate accomplishments of operational risk objectives.
  • Become a trusted advisor to, and influence decision making of stakeholders by providing an advisory service, guidance and support on operational risk management practices.
  • Facilitate collaboration between stakeholders.
  • Collaborate and maintain relationships internally.
  • Build and maintain relationships with relevant regulators and other assurance providers.
  • Contribute to a culture of transformation by participating in Nedbank culture building initiatives, business strategy, and CSI.
  • Stay abreast of developments in field of expertise, ensuring personal and professional growth.
  • Understand and embrace the Nedbank vision and values, leading by example.
  • Identify opportunities to influence the improvement or enhancement of business processes and methodologies adding value to Nedbank.
  • Provide input into, and advice on the alignment between regulatory capital and Nedbank Clusters' risk profile and risk appetite by recommending corrective action or mitigating strategies to enable Clusters to reduce regulatory capital.
  • Provide input, related to Operational Risk deliverables, into the GORM budget in line with finance requirements and business plans.
  • Contract deliverables, services and pricing with Nedbank Clusters and agree transfer pricing allocation to Clusters.
  • Use budget allocation effectively. Review Nedbank and Business Unit Plan and ensure delivered systems, process, services and solutions are aligned to support the achievement of the business strategy, objectives and values.
  • Share operational risk related knowledge, resources and practices with team to enable upskilling.
  • Obtain buy-in for developing new and/or enhanced processes that will improve the functioning of stakeholders' businesses.

Key Responsibilities

  • Management and process results: safeguard information against accidental or unauthorised modification, destruction or disclosure by analysing business information in line with risk management practices. Monitor for conformance to security policies, standards and other applicable risk-related policies.

  • Drive compliance to security policies and standards on cluster infrastructure.

  • Be the primary interface between the cluster, the Cluster Information Security Office (CISO) and the Information Privacy Office (IPO).

  • Represent business as an information security representative and cluster privacy representative on the relevant committees.

  • Ensure alignment and implementation of CRRMF in clusters.

  • Assist the cluster in the completion of cyber security risk assessments, ensuring that they are understood and captured in the risk management processes, that appropriate controls are embedded in day-to-day operations, and that remediation of non-compliance is documented and addressed.

Essential Qualifications - NQF Level

  • Advanced Diplomas/National 1st Degrees

Preferred Qualification

  • Advanced Diplomas/National 1st Degrees related to role (e.g. BCOM Risk management degree, BCOM IT, BSC, etc.)

Preferred Certifications

  • Relevant cyber security or data privacy certifications

Type of Exposure

  • Conducting root cause analysis
  • Developing ways to manage risks
  • Drafting reports
  • Sharing information in different ways to increase internal stakeholders' understanding
  • Writing business proposals
  • Communicating complex written information
  • Interacting with regulatory and industry bodies
  • Identifying trends
  • Preparing and delivering presentations
  • Analysing business operations
  • Managing multiple projects

Minimum Experience Level

  • Five years’ experience in an IT risk related role, of which 3 years specialised in information security risk management.

Technical / Professional Knowledge

  • Banking procedures
  • Business terms and definitions
  • Communication Strategies
  • Data analysis
  • Principles of financial management
  • Principles of project management
  • Relevant software and systems knowledge
  • Technologies
  • Cluster Specific Operational Knowledge
  • Operational risk

Behavioural Competencies

  • Building Partnerships
  • Communication
  • Decision Making
  • Stress Tolerance
  • Technical/Professional Knowledge and Skills
  • Adaptability


Please contact the Nedbank Recruiting Team at +27 860 555 566

