QNB2736 - Senior Manager IT Security International

  • Business Unit
    QNB - Qatar
  • Division
    Risk Management
  • Department
    Risk Management
  • Country
    Qatar
  • Closing Date
    15-Jan-2024
About QNB

Established in 1964 as the country’s first Qatari-owned commercial bank, QNB Group has steadily grown to become the largest bank in the Middle East and Africa (MEA) region.

QNB Group’s presence through its subsidiaries and associate companies extends to more than 31 countries across three continents providing a comprehensive range of advanced products and services. The total number of employees is more than 28,000 serving up to 20 million customers operating through 1,000 locations, with an ATM network of 4,300 machines.

QNB has maintained its position as one of the highest rated regional banks from leading credit rating agencies including Standard & Poor’s (A), Moody’s (Aa3) and Fitch (A+). The Bank has also been the recipient of many awards from leading international specialised financial publications.

Based on the Group’s consistent strong financial performance and its expanding international presence, QNB currently ranks as the most valuable bank brand in the Middle East and Africa, according to Brand Finance Magazine.

QNB Group has an active community support program and sponsors various social, educational and sporting events.

Summary

The incumbent will assist the Head of IT Security Governance and Oversight to design and implement relevant information security policies to protect the confidentiality, integrity and availability of any information created, acquired or maintained by the Group and its authorized users, and to assure that the Group complies with statutory and regulatory requirements regarding information access control, as well as industry best practices.

Responsibilities
  • Ensure risk identification, analysis and mitigation activities are integrated into the information security life cycle.

  • Ensure the use of an integrated risk management approach to create executive level perspectives and status reports regarding all security risks that the bank may encounter; this includes risks in physical security, access and control issues, data security, data privacy and contingency planning.

  • Review standards for changes in legislation and accreditation that affect information security from multiple sources including the National Institute of Standards and Technology (NIST), Payment Card Industry (PCI), ISO 27001, ISO 22301 and ISO 31000.

  • Develop project plans and determine priorities for major initiatives and ensure proper implementation of programs and projects.

  • Ensure the development and implementation of the Group’s information security policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.

  • Mitigate risks by creating project plans for specific implementations, identifying resources needed from the Information Technology department. Also, work with the Head of IT Security Operations to coordinate and schedule actions.

  • Monitor and report the Key Risk Indicators and compliance of the Group’s information security policies and procedures at the head office, DR site, domestic and international branches and subsidiaries.

  • Monitor effectiveness of controls against potential threats including hackers, software flaws, viruses, spyware, phishing and self-adaptive computer threats.

  • Monitor and check the processes for detecting, identifying and analyzing security-related events.

  • Responsible for assessing the adequacy of security frameworks for existing and new systems.

  • Drive the establishment of a formal reporting process, which ensures that the Chief Information Security Officer (CISO) is continually informed of significant information security related issues.

  • Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies.

  • Develop information security awareness training programs across the bank and assist in promoting activities to foster information security awareness within the Group.

  • Research and propose information security products and services to protect and enhance the Group’s network infrastructure.

Qualifications
  • Bachelor's/Master's degree, preferably in computer science, computer engineering or related subjects.

  • Professional certification such as CISSP, CISM, CISA is mandatory.

  • Minimum of 6 years’ experience in a major bank and good knowledge of IT Security controls.  

  • Maintain an understanding of all pertinent regulations as well as best practices pertaining to information security including but not limited to relevant ISACA guidelines, COBIT principles etc.

  • Ability to communicate information security-related concepts to a broad spectrum of technical and non-technical staff.

  • Apply in-depth critical and analytic thinking skills to unique problems and projects, where models or solutions are not readily available, to provide effective assessment and solution generation.

  • Well-developed analytical and interpersonal skills and ability to persuade others.

  • Flexible team player and able to work and deliver under pressure.

  • Ability to inspire and motivate others to gain commitment.

  • Exercise high degree of initiative and thinking to perform complex tasks where no procedures or processes are available.

Note: you will be required to attach the following:
  1. Resume/CV