Head, Data Security

Business Segment: Personal & Private Banking

Company: Standard Bank of South Africa

Location: ZA, GP, Johannesburg, 30 Baker Street

The role is responsible for driving and supporting the bank's Information Security initiatives through the implementation, monitoring, and optimization of data protection and threat prevention controls. The incumbent will manage and enhance security platforms that protect sensitive data and systems from infiltration, misuse, and data leakage. This includes operational ownership of Data Loss Prevention (DLP), Email Security, Web Security, and Secure Service Edge (SSE) technologies whilst collaborating with risk, legal, compliance, and infrastructure teams to ensure alignment with regulatory and internal security requirements.

• Experience coordinating delivery across multiple technology or business domains where work spans platforms, infrastructure, or shared services (advantageous).
• Ability to manage cross team dependencies and ensure clear ownership and alignment across diverse technical streams.
• Familiarity with governance, risk, and compliance processes and integrating related commitments (e.g., audit, risk remediation) into programme delivery plans.
• Ability to consolidate multiple sources of work intake (strategic initiatives, operational requests, audit actions, BAU activities) into a unified delivery backlog.
• General understanding of enterprise technology environments (cloud, identity, networking, platforms, or security controls) to support effective dependency management.
• Experience coordinating delivery with third party service providers or vendors, ensuring aligned deliverables and timelines.
• Proven capability in identifying and resolving complex blockers involving multiple teams, vendors, or operational units.
• Experience supporting delivery hygiene and alignment to organisational standards (e.g., operational readiness, platform compliance, or control maturity baselines).
• Strong cross functional stakeholder engagement skills with ability to work across business, technology, and operational teams.
• Experience delivering in high assurance or regulated environments (financial services, telecoms, large enterprise IT) is advantageous.
• Exposure to technology control domains (identity, data protection, infrastructure hardening, network governance, etc.) is beneficial but not required.

Type of Qualification: First Degree

Field of Study: Information Technology

• Minimum10 yearsin information security or cyber risk, with deep experience in data security engineering or security operations.
• Proven leadership experience in managing complex control environments (email, DLP, SWG, APIs, cloud security).
• Strong understanding of POPIA, global data protection regulations, cyber frameworks and cloud-native security models.
• Demonstrated ability to lead high-performing teams in fast paced, 24/7 operational environments.
• Excellent stakeholder engagement, influencing and communication capabilities.
• Certifications such as CISSP, CCSP, CISM or cloud security certifications are advantageous.
• Manage and optimize data protection and security controls across endpoints, cloud platforms, and collaboration tools, ensuring minimal false positives and regulatory compliance.
• Administer and enhance email and web security solutions to protect against phishing, malware, and spoofing threats.
• Configure and monitor secure access technologies, including SSE and Zero Trust policies, to safeguard remote and cloud environments.
• Investigate security alerts, support incident response, and provide reporting while collaborating with cross-functional teams to strengthen overall security posture.