Reporting to the Head of Operational Risk Management, the role holder will be responsible for upholding confidentiality, integrity, and availability of the information technology environment by ensuring responsibility for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and proactive compliance with industry regulations related to information security.
QUALIFICATIONS, EXPERIENCE, and COMPETENCIES REQUIRED:
• Bachelors or Graduate Degree with sufficient background in information security and business management disciplines.
• Professional digital security certifications in relevant technologies such as Cisco, Microsoft, CISSP, Unix / Linux will be an added advantage.
• 7 years’ working experience of which 3 should be in an information security-related role.
• Experience managing projects and programs to achieve information security objectives.
• Demonstrated exceptional written and verbal communication skills.
• Understanding current technology and regulatory trends affecting financial institution information security programs.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels.
• Demonstrated ability to analyze security and technology control effectiveness.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good analytical decision-making skills to enable the effective handling of all systems while retaining the integrity of data.
• Ability to be proactive and lead cross-functional teams to achieve information security objectives.
• Good report writing techniques in order to review and redesign operational and management information reports suiting departmental reporting purposes. nix / Linux will be an added advantage.
• Excellent communications and engagement skills.
• Strong attention to detail and personal effectiveness.
• High-level integrity and standards.
• Self-drive and initiative.
• Customer Dedication and Community Immersion.
• Relationship Building.
• Team Player.
• Creative Initiative.
• Unafraid to take responsibility, partner with the business whilst retaining independence to challenge the business.
• Ability to work effectively with local contemporaries and peers in other clusters and regions to maintain a collaborative culture.
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates (University Transcript, O & A level), by close of business on Friday 25th June 2021 to the email address indicated below;
• Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
• Oversight of the vulnerability management program.
• Develop the information security workplan, policies, and standards in conjunction with the technology team within the Bank.
• Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
• Oversee security awareness activities for bank employees and customers. Ensure that bank culture maintains a commitment to security.
• Support the first line to design, implement, and maintain the organization’s cybersecurity plan and perform assurance checks on this plan.
• Perform assessment of security controls and evaluate results relative to risk assessment.
• Work with Information Technology and other business unit stakeholders during project and product development efforts and work as well with Business Technology to ensure that appropriate security controls are considered during vendor selection and development efforts.
• Monitor regulations and technology trends that affect financial institutions. Evaluate compliance and develop plans for compliance with regard to information security. Educate bank employees and act as a champion for compliance throughout the bank.
• Establish and maintain successful external relationships with security technology and service providers, industry experts, local law enforcement, industry consortiums, and regulatory agencies.
• Ensure the integrity of Information Security controls in the business through enforcement of self-assessments (RCSA/KRIs) and giving prompt feedback to the first line of defense. Actively participate in a robust review and challenge process with technology-inclined units on their Risk & Control Self Assessments and overall performance.
• Follow up and ensure that all Technology related Internal/External Audit and BOU inspection findings have been fully resolved and that no repeat findings arise in subsequent audits.
• Conduct periodic risk-based Unit assurance reviews to monitor how effective their risk management practices are and recommend remedial actions where there are control weaknesses.
• Support the bank’s digital strategy by performing the quality assurance role on bank projects while ensuring any risks/threats to the bank’s technology platforms are proactively identified and advised to the Head of Operational Risk Management or CRO.
• Coordination of the bank’s Business Continuity Management activities including review of the Disaster Recovery Plan, testing of this plan, and quality assurance of the same.
• Monitoring and review of IT-related SLAs.
• Develop and maintain a procedure for monitoring system support and performance levels.