Job Title: Chief Information Security Officer (CISO)
Job Description: The institution is seeking to hire a qualified and highly experienced Chief Information Security Officer (CISO) the role entails looking at data management and analytics, which will help the Bank to better anticipate the nature of threats and determine the most appropriate action to meet them.
The Key Roles:
- Overseeing and implementing the Bank’s cyber security program and enforcing the cyber security policy/framework.
- Ensuring the Bank maintains a current enterprise-wide knowledge base of its users, devices, applications and their relationships, including but not limited to:
- Software and hardware asset inventory;
- Network maps (including boundaries, traffic and data flow); and
- Network utilization and performance data.
- Ensuring that information systems meet the needs of the Bank, in particular information system development strategies, comply with the overall business strategies, ERM framework, risk appetite and ICT policies.
- Design cyber security controls with the consideration of users at all levels of the organization, including internal (i.e. management, permanent & contract staff and direct sales representative) and third party users/external users (i.e. contractors/consultants, business partners and service providers).
- Organizing professional cyber related training to improve technical proficiency of staff.
- Conducting regular and comprehensive cyber risk assessments that consider people (i.e. employees, customers, outsourcing and other external parties), processes, data, and technology across all its business lines and locations.
- Monitoring current and emerging cyber risks.
- Maintain a comprehensive cyber risk register. Risk identification should be forward looking and include the security incident handling.
- Reporting to the board on an agreed interval but not less than once per quarter on the following:
- Assessment of the confidentiality, integrity and availability of the information systems in the banks.
- Detailed exceptions to the approved cyber security policies and procedures.
- Cyber risk identification.
- Assessment of the effectiveness of the approved cyber security program.
- All material cyber security events that affected the bank during the period.
- Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
- Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
- Ensure frequent data backups of critical IT systems (e.g. real time backup of changes made to critical data) are carried out to a separate storage location.
- Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
- Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
- Collaborate with other banks and the security agencies to share the latest cyber threats/attacks encountered by the bank.
Key Skills, Experience and Personal Competencies Required
- Excellent interpersonal & Communication Skills
- Working in Teams
- Excellent analytical skills
- Organization skills
- Problem solving skills
- Excellent knowledge of security tools
- Report writing skills
- 3- 5 years Banking Experience
Recommended Minimum Qualifications
- Graduate – BSc. Degree in Information Technology , Mathematics or Computer Science
- Master’s degree would be advantageous
- Certified Information Security Professional
- Cisco Certified Network Associate
- Cisco Certified Security Administrator
- Check point Certified Security Administrator
Method of Application
If you are up to the challenge & fit the required profile, please apply highlighting your qualification, experience and career aspirations match the requirement for this position.
Application should be sent latest 24th April 2020 clearly indicating the position you are applying for on the Subject to: firstname.lastname@example.org