Job Description
Job Purpose:
The jobholder is responsible for providing continuous independent assurance on the Bank’s information security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Information Security Policy.
Key Responsibilities
• To monitor, maintain and protect the Bank’s networks, systems and assets for malicious activity using technologies such as Security Incident and Event Management (SIEM) and IDS systems.
• To respond rapidly and effectively to cyber security incidents, managing them in a professional manor, including performing forensics for evidence gathering and preservation.
• Identify, troubleshoot, diagnose, resolve and report the Bank’s security incidents; help coordinate and conduct investigations of suspected breaches
• Support the unit in report preparation and incident documentation and subsequent follow-ups for closure.
• Ensure information security solutions are consistent with the Information Security Policies &Standards and corporate architectural directions/directives and oversee deployment.
• To carry out technical vulnerability assessments of IT systems to identify potential vulnerabilities, make recommendations to control identified risks and work with those individuals to ensure they are implemented
• Conduct independent review of technology related procedures and/or product programs to ensure that the appropriate infrastructure is incorporated into the different business initiatives and that the Bank’s technology policies are respected.
• Carry out Information security reviews along the various phases of projects lifecycles as detailed in the Bank’s project management framework.
• Develop and maintain the Bank’s information Security policy, framework, and Governance structure in line with best practice and CBK regulations.
• Lead business in development of corrective action plans as a result of gap assessment findings, and/or technical security assessment results.
• Be aware of application, product and system development within the business and appraise the effect and appropriateness of planned changes to the existing control framework.
• Review and Test the resilience and preparedness levels attributed to the Bank’s Business Continuity Plan and Disaster Recovery Plan.
• Conduct Vendor Risk Management of the bank’s outsourced ICT services
• Stay up-to-date on information technology trends and security standards.
• Improve the Bank’s cyber security culture through conducting regular awareness trainings to all staff. This includes threat intelligence monitoring from the industry and related trends.
Qualifications:
• Bachelor’s degree in Information Technology or a Business related field.
• Certified Information Systems Auditor certification (Preferred).
• Certified Information Security Manager certification(Required)
• Certified Information Systems Security Professional (Preferred)
Experience:
• A minimum of 3 years banking experience in information technology control or related field within a large and highly computerized environment.
• A minimum of 3 years’ experience in managing a Security Operations Team
Personal Attributes
• Understanding of risk and systems security control processes.
• Understanding of Information Security and control objectives.
• Customer Service Skills.
• Demonstrate leadership ability capacity.
• Superior communication and inter-personal skills, including sound report writing and presentation skills.
• Effective planning, organizing and problem solving skills.
• Initiative and self-drive.
• Able to work under minimal supervision.