Head of Cyber Security

Empowering Africa’s tomorrow, together…one story at a time. With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal

Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The Head Cyber Security Management is responsible for developing, implementing, and managing the organization’s information security strategy to protect digital assets, data, and technology infrastructure against internal and external threats. This role ensures confidentiality, integrity, and availability of information systems while aligning security initiatives with business objectives and regulatory requirements.

The Head Cyber Security Management provides strategic leadership in risk management, cybersecurity governance, and compliance, fostering a culture of security awareness across the organization. They oversee the design and execution of security policies, incident response plans, and disaster recovery strategies, ensuring resilience against evolving cyber threats. Additionally, the Head Cyber Security Management collaborates with technology team, group Security Officer Team (CSO) and executive leadership to integrate security into enterprise architecture for securing business growth, digital transformation projects, third-party engagements to foster a culture of security awareness across the organization to ensure Absa Bank Tanzania is prepared to mitigate Cyber threats effectively.

Job Description

Main accountabilities and approximate time split

To provide the leadership and provision of expert advice on, the selection, design, justification, implementation and operation of information and cyber security controls and management strategies to maintain confidentiality, integrity, availability, accountability, and relevant compliance of information systems.

Strategic Leadership

• Develop, implement and execute an enterprise-wide information security strategy aligned with business objectives.
• Advise executive leadership and board on emerging security threats, trends, and compliance requirements.

Risk Management

• Identify, assess, and mitigate cyber and technology risks across all business units.
• Establish and maintain a risk management framework and ensure regular risk assessments.

Policy & Governance

• Define and enforce security policies, standards, and procedures.
• Ensure compliance with relevant regulatory and industry standards (e.g., ISO 27001, GDPR, NIST).

Incident Response & Recovery

• Lead the organization’s incident response program, including detection, containment, and remediation.
• Develop and maintain disaster recovery and business continuity plans.

Security Architecture & Operations

• Oversee the design and implementation of secure systems, networks, and applications.
• Manage security operations center (SOC) collaboratively with Absa Group Team and ensure continuous monitoring of threats.

Awareness & Training

• Promote a culture of security awareness through training and communication programs.
• Educate employees and stakeholders on cybersecurity best practices.

Vendor & Third-Party Risk

• Assess and manage security risks associated with vendors, partners, and third-party services.
• Ensure contractual obligations include adequate security measures.

Budget & Resource Management

• Develop and manage the information security budget.
• Allocate resources effectively to support security initiatives.

Reporting & Metrics

• Provide regular reports to executive leadership and the board on security posture, incidents, and risk.
• Define and track key performance indicators (KPIs) for security programs.

Cyber Security

• Conduct Technical security risk assessments for defined business applications or IT installations in defined areas and provides advice and guidance on the application and operation of elementary physical, procedural, and technical security controls.
• Continuously assesses threats and vulnerabilities regarding information assets and recommends the appropriate technical security controls and measures.
• Define, recommend, and manage cyber security controls for business initiatives and projects.
• Threat Vulnerability Assessments and Remediation Management Evaluate business requirements and assist with the secure design and solutioning of these requirements into system design and operation.
• Provides reports to key stakeholders regarding the effectiveness of cyber security posture and makes recommendations for the adoption of new policies and procedures.
• Act as a subject matter expert (SME) in conducting vendor cyber risk assessments to improve overall vendor risk program.
• Oversee cyber security intelligence, incident response and cyber resilience management.
• Initiate and conduct cyber and information security readiness exercises as follows: a) at least quarterly, an exercise shall be staged to assess the ability of one or more business entities to deal with a cyber-attack; and b) once a year, an exercise shall be undertaken to assess the preparedness of the entire business to withstand cyber-attacks.
• Validate baseline security configurations for operating systems, applications, databases, networking, and communications equipment in line with Group standards.
• Engage with third-party vendors to evaluate new security products or as part of a security due diligence process.
• Promote cyber and information security awareness and train employees, suppliers, business partners and customers.

Methodology and Governance

• Formulate an organizational methodology for managing cyber and information security risks.
• Develop and update specific and general work procedures for realizing the organization’s cyber and information security policy.
• Integrate and coordinate all business cyber and information security efforts, including oversight and control of all business units participating in these efforts.
• Create a framework for receiving ongoing and ad-hoc reports from various business units.
• Coordinate cyber and information security activities, including joint exercises with business partners and service providers.

Management

• Ensure assessment all cyber and information security risk within the relevant business units are undertaken, in order to analyze, assess and report same to Senior Management: the risk levels are integral to the business's technological and business activities. The controls required to ensure the system’s integrity. The level of residual risk and exposure to cyber and information security threats the business is willing to accept in implementing these activities.
• Ensure preparation of reports on major cyber and information security incidents to the relevant parties.
• Draw up annual and multiannual work plans, including budgeting, prioritization, and timetables for implementing the assessment processes.
• Prepare and submit annual reports to the Senior Management and Board, detailing the business cyber and information security defense level, weaknesses and vulnerabilities, available countermeasures, and the activities and budgets required to enhance its defenses.
• Deliver high quality report to the respective sub board committees.
• Develop a high performing team by embedding formal performance development and informal coaching. Encourage frequent knowledge sharing between team members.

Additional Responsibilities

• Continuously learn and monitor cyber and information security issues by identifying trends, methods and advanced developments in the field while gathering information about emerging attack techniques and ways of dealing with them.
• Form a Cyber-Incident Response Team.
• Analyze cyber and information security incidents that have occurred in Ghana and worldwide, and assess their potential impact on the business, as well as implement the relevant measures proposed.
• Develop metrics and indicators to assess the effectiveness of cyber and information security systems and procedures.
• Assess regular and ad-hoc business cyber and information security controls.
• Be responsible for collaborating with relevant institutions involved in cyber and information security issues.

Knowledge Management

• Improve technical knowledge through self-learning or training including mandatory continuous Professional Education requirements.
• Share knowledge in area of responsibility with the team to ensure that audit activities are planned effectively and completed in line with quality standards and audit methodology.
• Present effectively at stakeholder meetings and forums (eg: Risk and Governance Forums etc.) by sharing knowledge and information, including methodology, standards, changes and new developments, with business stakeholders on an ongoing basis.
• Perform all other duties as reasonably assigned.

Risk and Control responsibilities

• Understand and adhere to the appropriate Absa Policies and Standards applicable to the role.
• Understand and manage risks and risk events (incidents) in the role thereby contributing to the adherence to the Absa Risk and Control Framework.
• Complete all mandatory training as required.

Technical skills / Competencies

Competencies:

Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field; master’s degree preferred.

Experience: Minimum 10+ years in information security roles, with at least 5 years in a leadership position.

Certifications: CISSP, CISM, CISA, or equivalent.

Technical Expertise: Strong knowledge of cybersecurity frameworks, risk management, compliance standards as well as round technology skills such as cloud platforms (AWS, Azure), DevSecOps, and Zero Trust Architecture.

Leadership Skills: Proven ability to lead cross-functional teams and influence executive decision-making.

Communication: Excellent verbal and written communication skills; ability to present complex security concepts to non-technical stakeholders, stakeholder influence and crisis communication.

KPIs and other requirements

Key Performance Indicators (KPIs)

• Reduction in security incidents and breaches year-over-year.
• Compliance with regulatory and industry standards.
• Time to detect and respond to security incidents.
• Employee security awareness training completion rates.
• Vendor risk assessment completion and remediation timelines.

Other requirements specific to the role:

• Able to deal professionally, confidently, and effectively with staff at all levels, internally and externally
• Ability to work autonomously
• Ability to keep abreast of industry changes in both the business and marketing environments

Additional details of exceptional aspects of the demands of the role:

• Able to work under pressure and adhere to strict and tight deadlines on a wide range of tasks
• Able to keep abreast of developments in the business and financial services environment
• Appreciate changes in technology and delivery channels and their impact on the financial services environment
• Occasional Business travel locally and regionally.

Deciding and initiating action

Entrepreneurial and commercial thinking

Persuading and influencing

Creating and innovating

Communication and Interaction required:

• Staff in own area (manager, subordinates, colleagues) [30%]
• Staff outside own area [25%]
• Internal customers (other than staff in own area) [30%]
• External Customers [5%]
• Regulators/Government Agencies [10%]

Absa Values

Absa’s Values and Behaviours represent the set of standards which governs the actions of all of us who work for the bank and against which the performance of every one of us in Absa are being assessed and rewarded:

• Trust
• Resourceful
• Inclusion
• Courage
• Stewardship

Education

Bachelor's Degree: Computer and Information Science