Business Information Security Officer at Absa Group Limited (Absa)

November 4, 2025

Experience: Mid-level, Senior-level

Education: Bachelors

Job-type: Full Time

Location: Gauteng

Field: IT

Absa Group Limited is a diversified African financial services provider offering a wide range of products and services across retail, business, corporate, investment, and wealth banking, as well as investment management and insurance. Formerly known as the Amalgamated Banks of South Africa (ABSA) and Barclays Africa Group Limited, it is headquartered in Johannesburg, South Africa, and operates in 12 countries across the continent with around 42,000 employees. Absa is committed to empowering its clients and uplifting communities, aiming to be a globally respected organization that Africa can be proud of.

Job overview 

  • The Business Unit Business Information Security Officer (BISO) is responsible for integrating cybersecurity measures into the business unit’s strategy, ensuring that information security initiatives align with and support its specific goals.
  • The BU BISO acts as a bridge between the central security function and business unit leadership, providing expertise on risk management, compliance, and data protection within the unit’s unique operational context.
  • This role involves implementing security policies, conducting risk assessments, and managing security incidents to safeguard the unit’s information assets.

Responsibilities

  • Bridge the gap between business operations and IT security. Act as a liaison and translator between technical security teams and business units, ensuring security initiatives align with business objectives and risk appetite.
  • Implement and maintain information security policies and procedures. Develop, implement, and enforce information security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
  • Conduct risk assessments and business impact analyses. Identify, assess, and prioritize information security risks across the organization, and develop mitigation plans to address them.
  • Oversee security awareness and training programs. Develop and implement security awareness programs to educate employees on security best practices and promote a security-conscious culture.
  • Collaborate with IT security teams. Work closely with IT security teams to ensure technical security controls are implemented effectively and aligned with business needs.
  • Monitor and respond to security incidents. Assist in the investigation and response to security incidents, ensuring appropriate actions are taken to contain and remediate threats.
  • Manage third-party security risks. Assess and manage security risks associated with third-party vendors and partners.
  • Ensure compliance with regulations and standards. Maintain compliance with relevant regulations and standards, such as GDPR, HIPAA, PCI-DSS, and ISO 27001.
  • Report on security posture and KPIs. Provide regular reports to senior management on the organization’s security posture, risks, and key performance indicators.

Qualifications

  • Relevant Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Industry certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).
  • Ongoing training in information security, risk management, and regulatory compliance.
  • 8 years’ experience in the information technology or related field
  • 3 years in IT Project Management

Skills

  • Information Security Frameworks and Standards. Knowledge of relevant information security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and COBIT.
  • Risk Management. Experience in conducting risk assessments, business impact analyses, and developing risk mitigation plans.
  • Security Policies and Procedures. Ability to develop, implement, and enforce information security policies and procedures.
  • Incident Response. Understanding of incident response processes and procedures.
  • Data Privacy and Protection. Knowledge of data privacy regulations and best practices for protecting sensitive information.
  • Third-Party Risk Management. Experience in assessing and managing security risks associated with third-party vendors and partners.
  • IT Security Technologies. Familiarity with key IT security technologies, such as firewalls, intrusion detection systems, and vulnerability scanners.

Education

  • Bachelor`s Degrees and Advanced Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)

Method of Application

Meet the qualifications?

Apply now at Absa Group Limited (Absa) on absa.wd3.myworkdayjobs.cok

Fast Track Your Application

Want to skip the queue? Submit your CV directly and our team will prioritise your application.

Submit Your CV

Other IT Jobs You Might Like

Latest Jobs

Scroll to Top